(57) An information receiving apparatus receives identification information and encrypted identification information and makes a comparison between them to allow prevention of illegal utilization of contents data. Also, a data storage apparatus can record contents data encrypted by a content key and the content key so that the contents data can be reproduced on other apparatuses to improve versatility. Moreover, a management apparatus can manage the contents data in the data storage apparatus to allow other apparatuses to utilize it. And also, an information regulating apparatus can verify a signature on available data to prevent illegal utilization of the contents data. Furthermore, the data storage apparatus can store the content key, its handling policies, the contents data encrypted by the content key and its license conditions information so as to safely provide the contents data. In addition, an information recording apparatus can select favorite contents data and store it on the data storage apparatus. Furthermore, the information receiving apparatus can prevent utilization of provision-prohibited contents data by a provision prohibition list.

Description

Technical Field 

[0001] The present invention relates to an information sending system, an information sending apparatus and its method, an information receiving apparatus and its method, a recording and reproducing system, a recording and reproducing apparatus and its method, a reproducing apparatus and its method, a data storage apparatus and its method, a data management system, a management apparatus, a data management method, a data management and migration method, an information provision system, an information regulating apparatus and its method, a data utilization method, an information provision apparatus and its method, an information recording apparatus, a list sending apparatus and its method and a program storage medium, and suitably applies, for instance, to an information sending system wherein a contents holder or seller can safely distribute the contents to contents users.

Background Art 

[0002] Conventionally, there is a system wherein information (contents) such as music is encrypted and sent to an information processing apparatus of a user having executed a predetermined agreement so that the user may decrypt and utilize the contents on the information processing apparatus.
[0003] For instance, as shown in Figure 116, a case where two contents sending apparatuses and one contents receiving apparatus are provided will be described.

[0004] First contents sending apparatus 600 comprises data encryption section 601, data encryption section 602, content key generation section 603 and tamper resistant memory 604. Moreover, the tamper resistant memory referred to here may be any such memory as will not have its data easily read by a third party, and no hardware-wise limitation is required in particular (for instance, it may be a hard disk placed in an entry-controlled room or a hard disk of a password-controlled personal computer). Tamper resistant memory 604 stores distribution key necessary to encrypt content key supplied in advance from an electronic distribution service center (not illustrated).
[0005] In order to generate data to be delivered to contents receiving apparatus 620, first contents sending apparatus 600 generates content key K_co1 by using content key generation section 603, and encrypts contents by using this key at data encryption section 601. Also, content key is encrypted by using distribution key K_d at data encryption section 602. These encrypted contents and content key K_co1 are sent to contents receiving apparatus 620.

[0006] Incidentally, like contents sending apparatus 600, second contents sending apparatus 610 comprises data encryption section 611, data encryption section 612, content key generation section 613 and tamper resistant memory 614, and generates content key at content key generation section 613, and encrypts contents by using this key at data encryption section 611. Also, data encryption section 612 encrypts content key by using distribution key K_d supplied from the electronic distribution service center (not illustrated). Thus, second contents sending apparatus 610 sends the encrypted contents and encrypted content key to contents receiving apparatus 620.
[0007] Contents receiving apparatus 620 comprises sending and receiving section 621, upper controller 622, encryption processing section 623, memory 624, data decryption section 625, data decryption section 626 and tamper resistant memory 627. Moreover, as there are such an indefinite number of contents users that it cannot be grasped how they will handle the apparatuses, the tamper resistant memory referred to here requires its internal data to be protected hardware-wise, and thus encryption processing section 623 is a semiconductor chip of a structure difficult to access from outside and has a multilayered structure wherein the tamper resistant memory inside it has characteristics making it difficult to illicitly read data from outside such as being sandwiched between dummy layers like aluminum layers and having a narrow range of operating voltage or frequency. And tamper resistant memory 627 stores distribution key K_d supplied in advance from the electronic distribution service center (not illustrated).

[0008] Incidentally, while tamper resistant memories 604, 614 of first and second contents sending apparatuses 600 and 610 are the memories accessible from outside, methods of accessing them are limited. It may be password or entry control. On the other hand, as for tamper resistant memory 627 of contents receiving apparatus 620, the memory itself has a structure not to be illicitly accessed from outside, and there is limited or no method of reading its internal data from outside by formal means for access. Moreover, while it is impossible to read internal data of tamper resistant memory 627 from outside, there may be a method of access only capable of changing data from outside if former key data or the like is used. Also, in encryption processing section 623, it is possible to access a memory and read predetermined data, but it is impossible to read internal memory from outside.

[0009] Contents and content keys K_co1 and sent from first or second contents sender 600 or 610 are received by sending and receiving section 621 and delivered to upper controller 622. Upper controller 622 stores such data in memory 624 once, and in the case of utilizing the contents, it delivers content key and the contents to encryption processing section 623. On receiving them, encryption processing section 623 decrypts them by using distribution key K_d stored in tamper resistant memory 627 in advance in data decryption section 625, and then decrypts them by using content key in data decryption section 626, and utilizes the contents. At this time, there are cases where it involves accounting.

[0010] Incidentally, in an information processing system shown in Figure 116, there was a problem that a method had yet to be established for preventing the contents from being illicitly utilized such as providing illegal contents to the system or illicitly benefiting a third party due to accounting involved in use of contents.

[0011] Also, in such an information provision system, there are cases where recording and reproducing apparatus 
630 shown in Figure 117 is provided, and such recording and reproducing apparatus 630 has, for instance, record 
medium 640 consisting of MD (Mini Disk: a trademark) provided in a removable manner. 

[0012] In this case, recording and reproducing apparatus 630 comprises sending and receiving section 631, control section 632, encryption processing section 633, expansion section 634 and external memory control section 635, and it stores distribution key for decrypting content key supplied in advance from an electronic distribution service center (not illustrated) to encryption processing section 633 and also holds save key unique to encryption processing section 633.

[0013] And recording and reproducing apparatus 630 has encrypted contents and content key sent from first or second contents sending apparatus 600 or 610 received by sending and receiving section 631, and sends out the received encrypted contents and content key to control section 632. Control section 632 holds the encrypted contents in record medium 640 via external memory control section 635, and sends out encrypted content key to encryption processing section 633.

[0014] Thus, encryption processing section 633 decrypts encrypted content key by using distribution key K_d, and then decrypts content key by using save key and sends out content key encrypted by the save key to control section 632. Thus, control section 632 has content key encrypted by save key held by record medium 640 via external memory control section 635.

[0015] Moreover, in the case of utilizing contents, in recording and reproducing apparatus 630, control section 322 reads encrypted contents and content key from record medium 640 so as to send out the encrypted contents to expansion section 634 and also send out encrypted content key to encryption processing section 633. Thus, encryption processing section 633 decrypts encrypted content key by the save key K_save and sends out acquired content key to expansion section 634. Thus, expansion section 634 decrypts encrypted contents by using content key and is accordingly capable of using the contents.

[0016] In such recording and reproducing apparatus 630, however, even if record medium 640 is loaded, for instance, on a recording and reproducing apparatus other than recording and reproducing apparatus 630 used for recording contents by holding content key encrypted by save key unique to encryption processing section 633 on record medium 640 and having the save key held by encryption processing section 633, the contents recorded on record medium 640 cannot be reproduced on the other recording and reproducing apparatus since it does not hold the save key K_save used for recording the content key.

[0017] Therefore, such record medium 640 had a problem that its versatility is remarkably low in spite of being provided in a removable manner to recording and reproducing apparatus 630.

[0018] In addition to this, recording and reproducing apparatus 630 had a problem that, even if a user wanted to 
utilize the contents recorded on the record medium by recording them on another apparatus or another record medium, 
they could not be easily utilized since the record medium was provided in a removable manner. 

[0019] Furthermore, the information processing system had a problem that, even in contents receiving apparatus 620, a method had yet to be established for preventing received contents from being illicitly utilized.

[0020] Moreover, contents receiving apparatus 620 to be connected to first and second contents sending apparatuses 600 and 610 had a problem that, as it is assumed to be owned by a user, contents cannot be easily provided for anyone else not in possession of the contents receiving apparatus 620.

[0021] In addition, the information processing system had a problem that, in the case where a user uses contents receiving apparatus 620 to record a plurality of favorite contents on a predetermined record medium and creates an album, the favorite contents had to be read and recorded one by one in the record medium by using contents receiving apparatus 620, which recording work was complicated.

[0022] Furthermore, the information provision system had a problem that, in the case where any contents of which transmission was stopped due to occurrence of a defect (occurrence of an error in data), for instance, was sent by mistake from first and second contents sending apparatuses 600 and 610 to contents receiving apparatus 620, it was difficult to prevent utilization of the contents on the contents receiving apparatus 620.

Disclosure of the Invention 

[0023] The present invention is implemented in consideration of the above points, and proposes an information sending system, an information sending apparatus, an information receiving apparatus, an information sending method, an information receiving method and a program storage medium to prevent contents data from being illicitly utilized.

[0024] To find a solution to such a challenge, the present invention provides, in an information sending system for sending predetermined contents data from an information sending apparatus to an information receiving apparatus, the means for holding identification information to identify an information sending apparatus encrypted by a distribution key unique to the information receiving apparatus, adding identification information to contents data in order to make a comparison with identification information encrypted by a distribution key, and sending identification information encrypted by a distribution key together with contents data with identification information added in an information sending apparatus, and provides the means for holding a distribution key, receiving contents data with identification information added and identification information encrypted by a distribution key, decrypting by a distribution key identification information encrypted by the distribution key, and comparing identification information added to contents data with decrypted identification information in an information receiving apparatus.

[0025] Thus, it is possible to easily and securely determine whether or not the contents data can be properly utilized from results of comparing identification information added to contents data with decrypted identification information, and an information sending system can be implemented, which is capable of preventing the contents data from being illicitly utilized.

[0026] Also, the present invention provides, in an information sending apparatus sending predetermined contents data to an information receiving apparatus, the means for holding identification information to identify an information sending apparatus encrypted by a distribution key unique to the information receiving apparatus, adding identification information to contents data in order to make a comparison with identification information encrypted by a distribution key, and sending identification information encrypted by a distribution key together with contents data with identification information added.

[0027] Therefore, it is possible to provide a transmission subject with identification information added to contents data and encrypted identification information to be compared in order to determine whether or not the contents data can be properly utilized, and thus an information sending apparatus and a program storage medium capable of preventing the contents data from being illicitly utilized can be implemented.

[0028] Furthermore, the present invention provides, in an information receiving apparatus for receiving predetermined contents data sent from an information sending apparatus, the means for holding a predetermined distribution key unique to the information receiving apparatus, receiving contents data sent from an information sending apparatus with identification information added to identify the information sending apparatus and identification information encrypted by a distribution key, decrypting by a distribution key the identification information encrypted by the distribution key, and comparing the identification information added to the contents data with the decrypted identification information.

[0029] Thus, it is possible to easily and securely determine whether or not the contents data can be properly utilized from results of comparing identification information added to contents data with decrypted identification information, and accordingly an information receiving system, an information receiving method and a program storage medium capable of preventing the contents data from being illicitly utilized can be implemented.
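The comparison described in [0024] to [0029], as an added Python example that is not part of the patent text: a sending apparatus holds its identifier already encrypted under the receiver's distribution key, attaches the plain identifier to the contents, and the receiving apparatus decrypts and compares. Assumptions: the class and function names, the byte-string identifiers, the step in which a service center issues the encrypted identifier, and the stdlib stand-in cipher (the text names no algorithm).

```python
import hashlib
import hmac
import os

# Stand-in authenticated cipher (assumption: the page names no algorithm).
# HMAC-SHA256 in counter mode as keystream, then encrypt-then-MAC.

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag is the minimum
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def issue_encrypted_id(distribution_key: bytes, sender_id: bytes) -> bytes:
    """Assumed service-center step: encrypt the sender's identifier under
    the distribution key that is unique to the receiving apparatus."""
    return seal(distribution_key, sender_id)


class SendingApparatus:
    """Holds its identifier in encrypted form; it never needs the key itself."""

    def __init__(self, sender_id: bytes, encrypted_id: bytes):
        self.sender_id = sender_id
        self.encrypted_id = encrypted_id

    def package(self, contents: bytes) -> dict:
        # Plain identifier is added to the contents; encrypted one rides along.
        return {"contents": contents,
                "sender_id": self.sender_id,
                "encrypted_id": self.encrypted_id}


class ReceivingApparatus:
    def __init__(self, distribution_key: bytes):
        self._kd = distribution_key

    def check(self, package: dict) -> str:
        try:
            decrypted = unseal(self._kd, package["encrypted_id"])
        except ValueError:
            return "reject: encrypted identifier invalid"
        # Constant-time comparison of the attached and decrypted identifiers.
        if not hmac.compare_digest(decrypted, package["sender_id"]):
            return "reject: identifier mismatch"
        return "accept"


def demo() -> dict:
    kd_receiver = os.urandom(32)   # distribution key of this receiver
    kd_other = os.urandom(32)      # distribution key of some other receiver
    sender_id = b"sender-0600"     # constructed sample identifier
    sender = SendingApparatus(sender_id, issue_encrypted_id(kd_receiver, sender_id))
    receiver = ReceivingApparatus(kd_receiver)

    genuine = sender.package(b"constructed sample contents")
    relabelled = dict(genuine, sender_id=b"sender-0610")
    wrong_key = dict(genuine, encrypted_id=issue_encrypted_id(kd_other, sender_id))
    flipped = bytearray(genuine["encrypted_id"])
    flipped[20] ^= 0x01            # one bit changed inside the ciphertext
    corrupted = dict(genuine, encrypted_id=bytes(flipped))

    cases = {"genuine": genuine, "relabelled": relabelled,
             "wrong_key": wrong_key, "corrupted": corrupted}
    return {name: receiver.check(pkg) for name, pkg in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:11s} {verdict}")
```

The comparison covers only the two identifier fields; in this example nothing ties them to the contents bytes, so the integrity of the contents themselves needs a separate check.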

[0030] In addition, the present invention provides, in an information sending system for sending predetermined contents data from an information sending apparatus to an information receiving apparatus, the means for sending, together with contents data, data of the maximum number of times of possible resending predefined to the contents data in an information sending apparatus, and provides the means for receiving, together with contents data, data of maximum number of times, generating data of the remaining number of times of possible resending of contents data based on data of the maximum number of times, and resending, that is, sending together with contents data, data of the remaining number of times in an information receiving apparatus.

[0031] Thus, it is possible to prevent contents data from being resent more often than the predefined maximum number of times of possible resending, and accordingly an information sending system capable of preventing the contents data from being illicitly utilized can be implemented.

[0032] Moreover, the present invention provides, in an information sending apparatus for sending predetermined 
contents data to an information receiving apparatus, the means for sending to an information receiving apparatus, 
together with contents data, data of the maximum number of times of possible resending predefined to the contents 
data. 

[0033] Therefore, it is possible to notify a transmission subject of the predefined maximum number of times of possible resending for contents data, and accordingly an information sending apparatus capable of preventing the contents data from being illicitly utilized can be implemented.

[0034] Furthermore, the present invention provides, in an information receiving apparatus for receiving predetermined contents data sent from an information sending apparatus, the means for receiving contents data and data of maximum number of times of possible resending predefined to the contents data sent from the information sending apparatus, generating data of the remaining number of times of possible resending of contents data based on data of the maximum number of times, and resending, that is, sending together with contents data, data of the remaining number of times.



EP 1 128 598 A1



[0035] Thus, it is possible to prevent contents data from being resent more often than the predefined maximum number of times of possible resending, and accordingly an information receiving apparatus, an information receiving method and a program storage medium capable of preventing the contents data from being illicitly utilized can be implemented.

[0036] Moreover, the present invention provides, in an information sending method for sending predetermined contents data from an information sending apparatus to an information receiving apparatus, the steps of adding identification information to identify the information sending apparatus to contents data by the information sending apparatus, sending contents data with identification information added and identification information to identify the information sending apparatus encrypted by a distribution key unique to the information receiving apparatus by the information sending apparatus, receiving contents data with identification information added and identification information encrypted by a distribution key by the information receiving apparatus, decrypting by a distribution key identification information encrypted by the distribution key by the information receiving apparatus, and comparing identification information added to contents data with decrypted identification information by the information receiving apparatus.

[0037] Thus, it is possible to easily and securely determine whether or not the contents data can be properly utilized from results of comparing identification information added to contents data with decrypted identification information, and accordingly an information sending method capable of preventing the contents data from being illicitly utilized can be implemented.

[0038] Moreover, the present invention provides, in an information sending method for sending predetermined contents data from an information sending apparatus to an information receiving apparatus, the steps of sending, together with contents data, data of the predefined maximum number of times of possible resending to the contents data by the information sending apparatus, receiving, together with contents data, data of maximum number of times by the information receiving apparatus, generating data of the remaining number of times of possible resending of contents data based on data of the maximum number of times by the information receiving apparatus, and resending, that is, sending together with contents data, data of the remaining number of times by the information receiving apparatus.

[0039] Thus, it is possible to prevent contents data from being resent more often than the predefined maximum number of times of possible resending, and accordingly an information sending method and a program storage medium capable of preventing the contents data from being illicitly utilized can be implemented.

[0040] Moreover, the present invention is implemented in consideration of the above points, and is intended to propose a recording and reproducing system, a recording and reproducing apparatus, a reproducing apparatus, a data storage apparatus, a recording and reproducing method, a reproducing method and a program storage medium capable of markedly improving versatility of data storage apparatuses.

[0041] To find a solution to such a challenge, the present invention provides, in a recording and reproducing system for recording and reproducing predetermined contents data sent from an information sending apparatus on a removable data storage apparatus by a recording and reproducing apparatus, the means for encrypting contents data by a predetermined content key, and sending a content key and the contents data encrypted by the content key in an information sending apparatus, and provides, in the recording and reproducing apparatus, the means for receiving a content key and the contents data encrypted by the content key sent from the information sending apparatus, sending out the received content key and the contents data encrypted by the content key to a data storage apparatus and having them recorded thereby or having the content key and the contents data encrypted by the content key reproduced from the data storage apparatus to read them, and provides, in the data storage apparatus, the means for holding a predetermined record medium and a predetermined save key, encrypting a content key by a save key, recording a content key encrypted by a save key and the contents data encrypted by the content key on a record medium or reproducing a content key encrypted by a save key and the contents data encrypted by the content key from the record medium, and decrypting the content key encrypted by a save key by the save key.

[0042] Thus, to the extent that it is not necessary to hold a save key on the recording and reproducing apparatus side, contents data can be reproduced from a data storage apparatus by a recording and reproducing apparatus other than one recording contents data on the data storage apparatus, and thus a recording and reproducing system capable of markedly improving versatility of data storage apparatuses can be implemented.

[0043] Also, the present invention provides, in a recording and reproducing apparatus for which a data storage apparatus having a predetermined record medium is provided in a removable manner, the means for controlling recording and reproducing for sending out contents data encrypted by a predetermined content key and the content key to a data storage apparatus, encrypting the content key by using a predetermined save key unique to the data storage apparatus, having the content key encrypted by the save key and the contents data encrypted by content key recorded on a record medium, and also having the content key encrypted by the save key and the contents data encrypted by content key reproduced from the record medium, decrypting the content key encrypted by a save key by using the save key, and reading the acquired content key and the contents data encrypted by the content key from the data storage apparatus.

[0044] Thus, to the extent that it is not necessary to hold a save key, the contents data can be reproduced from a data storage apparatus recording contents data on another recording and reproducing apparatus, and thus a recording and reproducing apparatus, a recording and reproducing method and a program storage medium capable of markedly improving versatility of data storage apparatuses can be implemented.

[0045] In addition, the present invention provides, in a reproducing apparatus for which a data storage apparatus 
having a predetermined record medium is provided in a removable manner, the means for controlling reproducing for 
having contents data encrypted by a predetermined content key recorded in advance on a record medium of the data 
storage apparatus and a content key encrypted by a predetermined save key unique to the data storage apparatus 
reproduced, decrypting the content key encrypted by a save key by using the save key, and reading the acquired 
content key and the contents data encrypted by the content key from the data storage apparatus. 
[0046] Thus, to the extent that it is not necessary to hold a save key, the contents data can be reproduced from a 
data storage apparatus on any recording and reproducing apparatus, and thus a reproducing apparatus, a reproducing 
method and a program storage medium capable of markedly improving versatility of data storage apparatuses can be 
implemented. 

[0047] Moreover, the present invention provides, in a data storage apparatus provided in a removable manner on a 
recording and/or reproducing apparatus for recording and/or reproducing predetermined data under control of the 
recording and/or reproducing apparatus, the means for holding a predetermined record medium and a predetermined 
save key, communicating, that is, sending and receiving predetermined contents data encrypted by a predetermined 
content key and the content key between itself and a recording and/or reproducing apparatus, encrypting a content 
key by a save key under control of the recording and/or reproducing apparatus, recording the content key encrypted 
by a save key and contents data encrypted by the content key on a record medium or reproducing the content key 
encrypted by a save key and contents data encrypted by the content key from the record medium under control of the 
recording and/or reproducing apparatus, and decrypting the content key encrypted by a save key by using the save 
key under control of the recording and/or reproducing apparatus. 

[0048] Thus, even if a recording and reproducing apparatus does not hold a save key, the contents data can be 
recorded or reproduced, and thus a data storage apparatus and a program storage medium capable of markedly 
improving versatility can be implemented. 

[0049] Furthermore, the present invention is implemented in consideration of the above points, and is intended to 
propose a data management system, a management apparatus, a data storage apparatus and a data management 
method, a data management and migration method and a program storage medium, which allow contents data recorded 
on a data storage apparatus to be easily utilized by various apparatuses. 

[0050] To find a solution to such a challenge, the present invention provides, in a data management system, a predetermined data storage apparatus, a recording apparatus for recording predetermined contents data on a data storage apparatus, a management apparatus for capturing contents data stored in a data storage apparatus and managing movement of the captured contents data to various apparatuses in place of the data storage apparatus to be connected to various apparatuses.

[0051] Therefore, it is possible to easily move the contents data recorded on a data storage apparatus to various apparatuses under management of a management apparatus, and thus a data management system that allows contents data recorded on a data storage apparatus to be easily utilized by various apparatuses can be implemented.
[0052] Also, the present invention captures predetermined contents data recorded in a data storage apparatus, and 
manages movement of the captured contents data to various apparatuses in place of the data storage apparatus in a 
management apparatus connecting various apparatuses with a predetermined data storage apparatus. 
[0053] Thus, it is possible to manage contents data recorded in a data storage apparatus in place of the data storage 
apparatus and easily move the contents data to various apparatuses, and thus a management apparatus, a data 
management method and a program storage medium that allow contents data recorded on a data storage apparatus 
to be easily utilized by various apparatuses can be implemented. 

[0054] Furthermore, the present invention manages, under control of a predetermined recording apparatus, movement of contents data to various apparatuses in a data storage apparatus for recording predetermined contents data, and when the various apparatuses are connected to a predetermined management apparatus to be connected to, it moves contents data to the management apparatus.

[0055] Therefore, it is possible to rely on a management apparatus for management of recorded contents data and easily move the contents data to various apparatuses via the management apparatus, and thus a data storage apparatus, a data management and migration method and a program storage medium that allow contents data recorded on a data storage apparatus to be easily utilized by various apparatuses can be implemented.

[0056] Moreover, the present invention provides, in a data management method, the steps of recording predetermined contents data on a predetermined data storage apparatus by a predetermined recording apparatus, and managing, that is, capturing contents data stored in a data storage apparatus and managing movement of the captured contents data to various apparatuses in place of the data storage apparatus by a management apparatus to be connected to various apparatuses.

[0057] Thus, it is possible to easily move the contents data recorded on a data storage apparatus to various apparatuses under management of a management apparatus, and thus a data management method that allows contents data recorded on a data storage apparatus to be easily utilized by various apparatuses can be implemented.

[0058] Furthermore, the present invention is implemented in consideration of the above points, and is intended to propose an information provision system, an information regulating apparatus, an information receiving apparatus, an information provision method, an information regulating method, a data utilization method and a program storage medium capable of preventing contents data from being illicitly utilized.

[0059] To find a solution to such a challenge, the present invention provides, in an information provision system, an
information receiving apparatus for receiving predetermined contents data that is sent and adding a signature to and
sending utilization permission data showing the received contents data, and an information regulating apparatus for
verifying a signature on utilization permission data to determine whether the utilization permission data is illegal
data and if determined so, prohibiting the information receiving apparatus from utilizing the contents data.

[0060] Thus, an information provision system can be implemented, which is capable of determining by an information
regulating apparatus in advance whether the contents data received by an information receiving apparatus will be
illicitly utilized and preventing the contents data from being illicitly utilized.

[0061] Also, in the present invention, an information regulating apparatus connected online to a predetermined
information receiving apparatus has the information receiving apparatus send utilization permission data that shows
the predetermined contents data it received and has a signature added, verifies the signature on the utilization
permission data to determine whether the utilization permission data is illegal data, and if determined so, prohibits
the information receiving apparatus from utilizing the contents data.

[0062] Thus, an information regulating apparatus, an information regulating method and a program storage medium 
capable of, by determining in advance whether the contents data received by the information receiving apparatus will 
be illicitly used, preventing the contents data from being illicitly utilized can be implemented. 

[0063] Moreover, in the present invention, an information receiving apparatus connected online to a predetermined
information regulating apparatus receives predetermined contents data that is sent, adds to utilization permission
data showing the received contents data a signature that makes it possible to determine whether the contents data
shown by the utilization permission data has been tampered with to show other contents data, and then sends it to the
information regulating apparatus.

[0064] Thus, an information receiving apparatus, a data utilization method and a program storage medium capable
of, by having an information regulating apparatus determine in advance whether received contents data will be illicitly
utilized, preventing the contents data from being illicitly utilized can be implemented.

[0065] Furthermore, the present invention provides, in an information provision method, the steps of sending, that
is, receiving predetermined contents data and adding a signature to and sending utilization permission data showing
the received contents data by an information receiving apparatus, and prohibiting utilization, that is, verifying a signature
on utilization permission data to determine whether the utilization permission data is illegal data and if determined so,
prohibiting the information receiving apparatus from utilizing the contents data by an information regulating apparatus.

[0066] Thus, an information provision method can be implemented, which is capable of determining by an information 
regulating apparatus in advance whether the contents data received by an information receiving apparatus will be 
illicitly utilized and preventing the contents data from being illicitly utilized. 
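
The exchange described in paragraphs [0059] to [0066], as an added example that is not part of the patent text: a receiving apparatus signs utilization permission data, and a regulating apparatus verifies the signature and prohibits utilization when the data is illegal. The field layout, the equipment and content IDs, ECDSA P-256 with SHA-256, and the rule that a prohibition stays in force are assumptions made for this sketch.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// UtilizationPermission is a constructed stand-in for the "utilization
// permission data": it names the equipment and the contents it received.
type UtilizationPermission struct {
	EquipmentID string
	ContentID   string
	Signature   []byte // ASN.1 ECDSA signature over digest()
}

// digest hashes the length-prefixed fields, so the field boundaries are part
// of the signed message and ("ab","c") never collides with ("a","bc").
func (p UtilizationPermission) digest() []byte {
	h := sha256.New()
	for _, field := range []string{p.EquipmentID, p.ContentID} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		h.Write(n[:])
		h.Write([]byte(field))
	}
	return h.Sum(nil)
}

// NewEquipmentKey creates the signing key of one information receiving apparatus.
func NewEquipmentKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignPermission is the receiving-apparatus side: it binds the content ID to
// the equipment ID under the equipment's private key.
func SignPermission(key *ecdsa.PrivateKey, equipmentID, contentID string) (UtilizationPermission, error) {
	p := UtilizationPermission{EquipmentID: equipmentID, ContentID: contentID}
	sig, err := ecdsa.SignASN1(rand.Reader, key, p.digest())
	p.Signature = sig
	return p, err
}

type use struct{ equipment, content string }

// Regulator plays the information regulating apparatus.
type Regulator struct {
	keys       map[string]*ecdsa.PublicKey // registered equipment public keys
	prohibited map[use]bool                // (equipment, content) pairs barred from use
}

func NewRegulator() *Regulator {
	return &Regulator{keys: map[string]*ecdsa.PublicKey{}, prohibited: map[use]bool{}}
}

// Register records the public key of a known receiving apparatus.
func (r *Regulator) Register(equipmentID string, pub *ecdsa.PublicKey) {
	r.keys[equipmentID] = pub
}

// Check verifies the signature. Data from unknown equipment, or data whose
// signature does not match its fields, is treated as illegal and the named
// equipment is prohibited from utilizing the named contents. Keeping that
// prohibition in force for later requests is an assumption of this sketch.
func (r *Regulator) Check(p UtilizationPermission) bool {
	u := use{equipment: p.EquipmentID, content: p.ContentID}
	pub, known := r.keys[p.EquipmentID]
	if !known || !ecdsa.VerifyASN1(pub, p.digest(), p.Signature) {
		r.prohibited[u] = true
		return false
	}
	return !r.prohibited[u]
}

// IsProhibited reports whether utilization of contentID by equipmentID is barred.
func (r *Regulator) IsProhibited(equipmentID, contentID string) bool {
	return r.prohibited[use{equipment: equipmentID, content: contentID}]
}

func main() {
	key, err := NewEquipmentKey()
	if err != nil {
		panic(err)
	}
	reg := NewRegulator()
	reg.Register("home-server-51", &key.PublicKey) // constructed equipment ID

	p, err := SignPermission(key, "home-server-51", "content-0001")
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine data permitted:", reg.Check(p))

	p.ContentID = "content-0002" // altered after signing to show other contents
	fmt.Println("altered data permitted:", reg.Check(p))
	fmt.Println("content-0002 prohibited:", reg.IsProhibited("home-server-51", "content-0002"))
}
```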

[0067] In addition, the present invention is implemented in consideration of the above points, and is intended to
propose an information provision system, an information provision apparatus, a data storage apparatus, an information
provision method, a data store method and a program storage medium capable of easily providing contents data.

[0068] To find a solution to such a challenge, the present invention provides, in an information provision system
providing an information provision apparatus with predetermined contents data sent from an information sending
apparatus, the means for encrypting contents data by a predetermined content key, and sending a content key and
contents data encrypted by the content key in the information sending apparatus, and provides the means for receiving
the content key and contents data encrypted by the content key sent from the information sending apparatus, decrypting
by the content key the contents data encrypted by the content key, inserting a digital watermark, that is, inserting by a
digital watermark predetermined information into the contents data decrypted by the content key, and recording the
contents data with the information inserted on a removable record medium in the information provision apparatus.

[0069] Thus, it is possible, even if an information user does not have a contents data receiving apparatus, to record
contents data on a record medium of the information user with ensured security, and accordingly an information
provision system capable of easily providing contents data can be implemented.

[0070] Moreover, the present invention provides, in an information provision apparatus providing predetermined
contents data sent from an information sending apparatus, the means for receiving contents data encrypted by a
predetermined content key and the content key sent from the information sending apparatus, decrypting by the content key
the contents data encrypted by the content key, inserting a digital watermark, that is, inserting by a digital watermark
predetermined information into the contents data decrypted by the content key, and recording the contents data with
the information inserted on a removable record medium.

[0071] Thus, it is possible, even if an information user does not have a contents data receiving apparatus, to record
contents data on a record medium of the information user with ensured security, and accordingly an information
provision apparatus, an information provision method and a program storage medium capable of easily providing contents
data can be implemented.

[0072] Furthermore, the present invention provides, in an information provision apparatus providing predetermined
contents data sent from an information sending apparatus, the means for creating license conditions information
prescribing conditions for using contents data based on handling policies prescribing conditions for use of a content key
sent from the information sending apparatus together with a content key and the contents data encrypted by the content
key, and storing, that is, sending the handling policies and the license conditions information together with the content
key and the contents data encrypted by the content key to a predetermined removable data storage apparatus and
storing them thereon.

[0073] Thus, it is possible, even if an information user does not have a contents data receiving apparatus, to record
contents data on a data storage apparatus of the information user with ensured security, and accordingly an information
provision apparatus, an information provision method and a program storage medium capable of easily providing
contents data can be implemented.

[0074] In addition, the present invention provides, in a data storage apparatus storing predetermined contents data
sent from an information provision apparatus, the means for receiving a content key and contents data encrypted by
the content key, handling policies prescribing conditions for using the content key, and license conditions information
prescribing conditions for using the contents data created as necessary based on the handling policies sent from a
predetermined record medium and an information provision apparatus, and recording the content key, the contents
data encrypted by the content key, the handling policies and the license conditions information on a record medium.

[0075] Thus, it is possible, even if an information user does not have a contents data receiving apparatus, to record
contents data with ensured security, and accordingly a data storage apparatus, a data storage method and a program
storage medium capable of easily providing contents data can be implemented.

[0076] Furthermore, the present invention is implemented in consideration of the above points, and implements an
information recording apparatus, a data storage apparatus, a data store method and a program storage medium
capable of easily recording a plurality of favorite contents data.

[0077] To find a solution to such a challenge, the present invention provides, in an information recording apparatus
storing predetermined contents data on a predetermined data storage apparatus, the means for selecting, that is,
categorizing and managing a contents server holding a plurality of contents data and the contents data held on the
contents server, and if a desired category and a number of contents are specified, arbitrarily selecting a plurality of
contents data equivalent to the specified number of contents among the contents data belonging to the specified
category, and storing, that is, reading the selected contents data from the contents server and storing it on the data storage
apparatus.

[0078] Thus, it is possible to easily select and store on a data storage apparatus a plurality of a user's favorite contents
data, and accordingly an information recording apparatus, a data store method and a program storage medium capable
of easily recording a plurality of favorite contents data can be implemented.

[0079] Moreover, the present invention provides, in a data storage apparatus on which predetermined contents data
is stored by an information recording apparatus, the means for receiving a plurality of contents data belonging to a
desired category among a plurality of categorized contents data and equivalent to a desired number of contents sent
from a predetermined record medium and the information recording apparatus, and recording the contents data
collectively on the record medium.

[0080] Thus, a data storage apparatus, a data store method and a program storage medium capable of recording a
plurality of favorite contents data sent from an information recording apparatus can be implemented.

[0081] Furthermore, the present invention is implemented in consideration of the above points, and is intended to
propose an information provision system, a list sending apparatus, an information receiving apparatus, an information
provision method, an information receiving method, a list sending method and a program storage medium capable of
almost certainly preventing contents data of which provision is prohibited from being utilized.

[0082] To find a solution to such a challenge, the present invention provides, in an information provision system, an
information sending apparatus for sending predetermined contents data, a list sending apparatus for creating a
provision prohibition list showing contents data designated as provision-prohibited and sending the created prohibition list,
and an information receiving apparatus for determining whether contents data sent from the information sending
apparatus is provision-prohibited based on the provision prohibition list, and if determined so, stopping capture of the
contents data.

[0083] Thus, in an information receiving apparatus, an information provision system can be implemented, which is
capable of almost certainly preventing provision-prohibited contents and contents sent from a utilization-prohibited
information sending apparatus from being bought and accordingly capable of almost certainly preventing
provision-prohibited contents data from being utilized.

[0084] Also, the present invention provides, in a list sending apparatus for sending a predetermined list to an
information receiving apparatus receiving predetermined contents data sent from an information sending apparatus, the
means for creating a list, that is, creating a provision prohibition list showing contents data designated as
provision-prohibited, and sending a provision prohibition list to the information receiving apparatus.

[0085] Thus, in an information receiving apparatus, a list sending apparatus, a list sending method and a program
storage medium capable of, based on a provision prohibition list, almost certainly preventing provision-prohibited
contents and contents sent from a utilization-prohibited information sending apparatus from being bought and accordingly
capable of almost certainly preventing provision-prohibited contents data from being utilized can be implemented.

[0086] Moreover, the present invention provides, in an information receiving apparatus receiving predetermined
contents data sent from an information sending apparatus and a predetermined list sent from a list sending apparatus, the
means for holding a list, that is, holding a provision prohibition list showing contents data designated as
provision-prohibited sent from the list sending apparatus, and stopping capture, that is, determining whether contents data sent
from an information sending apparatus is provision-prohibited, and if determined so, stopping capture of the contents
data.

[0087] Thus, an information receiving apparatus, an information receiving method and a program storage medium
capable of almost certainly preventing provision-prohibited contents and contents sent from a utilization-prohibited 
information sending apparatus from being bought and accordingly capable of almost certainly preventing provision- 
prohibited contents data from being utilized can be implemented. 

[0088] Moreover, the present invention provides, in an information providing method, the steps of sending a list, that 
is, creating a provision prohibition list showing contents data designated as provision-prohibited and sending the cre- 
ated provision prohibition list by a list sending apparatus, sending predetermined contents data by an information 
sending apparatus, and stopping capture, that is, determining by an information receiving apparatus whether contents 
data sent from an information sending apparatus is provision-prohibited based on the provision prohibition list, and if 
determined so, stopping capture of the contents data. 

[0089] Thus, in an information receiving apparatus, an information provision method can be implemented, which is
capable of almost certainly preventing provision-prohibited contents and contents sent from a utilization-prohibited 
information sending apparatus from being bought and accordingly capable of almost certainly preventing provision- 
prohibited contents data from being utilized. 

[0090] Incidentally, in online equipment and offline equipment of an information receiving apparatus, when sending 
contents data between the online equipment and the offline equipment, history information is created according to 
identification information of the contents data and identification information of the equipment of the source, and on 
receipt of a provision prohibition list, the history information is searched, and if contents data that newly became pro- 
vision-prohibited is sent, a current provision prohibition list held by the equipment is sent to the source of the contents 
data so as to prevent any illegal contents data from diffusing from the source equipment to any other equipment. 
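
The list handling of paragraphs [0082] to [0090], as an added example that is not part of the patent text: equipment refuses to capture listed contents, keeps a history of which equipment each piece of contents came from, and on receiving a new list forwards it to every source that supplied contents which newly became prohibited. The type names, equipment IDs and content IDs are constructed for illustration, and the list is modelled as two plain ID sets.

```go
package main

import "fmt"

// ProhibitionList is a constructed stand-in for the provision prohibition list.
type ProhibitionList struct {
	Contents map[string]bool // content IDs designated as provision-prohibited
	Senders  map[string]bool // utilization-prohibited information sending apparatuses
}

// Transfer is one history record: the contents ID and the source equipment ID.
type Transfer struct {
	ContentID string
	SourceID  string
}

// Equipment models one piece of online or offline equipment.
type Equipment struct {
	ID      string
	List    ProhibitionList
	Stored  map[string]bool
	History []Transfer
	sources map[string]*Equipment // how to reach equipment named in History
}

func NewEquipment(id string) *Equipment {
	return &Equipment{ID: id, Stored: map[string]bool{}, sources: map[string]*Equipment{}}
}

// Capture handles contents arriving from an information sending apparatus.
// Capture stops if the contents or the sender is on the held list.
func (e *Equipment) Capture(contentID, senderID string) bool {
	if e.List.Contents[contentID] || e.List.Senders[senderID] {
		return false
	}
	e.Stored[contentID] = true
	return true
}

// ReceiveFrom moves contents between two pieces of equipment and records the
// history entry. Either side refuses if its own list names the contents.
func (e *Equipment) ReceiveFrom(src *Equipment, contentID string) bool {
	if !src.Stored[contentID] || src.List.Contents[contentID] || e.List.Contents[contentID] {
		return false
	}
	e.Stored[contentID] = true
	e.History = append(e.History, Transfer{ContentID: contentID, SourceID: src.ID})
	e.sources[src.ID] = src
	return true
}

// UpdateList installs a received list, searches the history for contents that
// newly became prohibited, and sends the list on to each source of such
// contents. It returns the IDs of all equipment notified, directly or onward.
func (e *Equipment) UpdateList(list ProhibitionList) []string {
	newly := map[string]bool{}
	for id := range list.Contents {
		if !e.List.Contents[id] {
			newly[id] = true
		}
	}
	e.List = list // installed before forwarding, so a cycle of transfers terminates

	notified := []string{}
	seen := map[string]bool{}
	for _, t := range e.History {
		if newly[t.ContentID] && !seen[t.SourceID] {
			seen[t.SourceID] = true
			notified = append(notified, t.SourceID)
			notified = append(notified, e.sources[t.SourceID].UpdateList(list)...)
		}
	}
	return notified
}

func main() {
	// Constructed scenario: the player obtained song-17 before it was
	// prohibited and passed it to the home server.
	player := NewEquipment("portable-player")
	server := NewEquipment("home-server-51")
	other := NewEquipment("car-audio")
	player.Capture("song-17", "sender-A")
	server.ReceiveFrom(player, "song-17")

	list := ProhibitionList{
		Contents: map[string]bool{"song-17": true},
		Senders:  map[string]bool{"sender-B": true},
	}
	fmt.Println("list forwarded to:", server.UpdateList(list))
	fmt.Println("player can still pass song-17 on:", other.ReceiveFrom(player, "song-17"))
}
```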



Brief Description of the Drawings 

[0091] Figure 1 is a block diagram showing overall configuration of an electronic music distribution system according 
to the present invention. 

[0092] Figure 2 is a block diagram showing configuration of an electronic distribution service center. 

[0093] Figure 3 is a skeleton diagram showing an example of a periodic update of a key. 

[0094] Figure 4 is a skeleton diagram showing an example of a periodic update of a key. 

[0095] Figure 5 is a skeleton diagram showing an example of a periodic update of a key. 

[0096] Figure 6 is a skeleton diagram showing an example of a periodic update of a key. 

[0097] Figure 7 is a skeleton diagram showing data contents of a user registration database. 

[0098] Figure 8 is a skeleton diagram showing registration information of each individual group. 

[0099] Figure 9 is a block diagram showing configuration of a contents provider. 

[0100] Figure 10 is a flowchart showing a procedure for generating a signature.

[0101] Figure 11 is a flowchart showing a procedure for verifying a signature. 

[0102] Figure 12 is a flowchart showing a method of elliptic curve encryption. 

[0103] Figure 13 is a flowchart showing a decrypting process of elliptic curve encryption. 

[0104] Figure 14 is a block diagram showing configuration of a service provider. 

[0105] Figure 15 is a block diagram showing configuration of a user home network.

[0106] Figure 16 is a skeleton diagram served for explanation of operation of an external memory control section. 

[0107] Figure 17 is a block diagram showing configuration of a record medium dedicated to electronic distribution. 

[0108] Figure 18 is a block diagram showing data contents of the equipment.

[0109] Figure 19 is a block diagram showing data contents held by a record medium. 

[0110] Figure 20 is a skeleton block diagram showing data flow of the entire system.

[0111] Figure 21 is a skeleton block diagram showing flow of a public key certificate.

[0112] Figure 22 is a skeleton diagram showing a contents provider secure container. 

[0113] Figure 23 is a skeleton diagram showing a contents provider secure container.

[0114] Figure 24 is a skeleton diagram showing a contents provider secure container. 

[0115] Figure 25 is a skeleton diagram showing a contents provider secure container.

[0116] Figure 26 is a skeleton block diagram showing a public key certificate of a contents provider. 

[0117] Figure 27 is a skeleton block diagram showing a public key certificate of a contents provider. 

[0118] Figure 28 is a skeleton block diagram showing a public key certificate of a contents provider.

[0119] Figure 29 is a skeleton diagram showing a service provider secure container. 

[0120] Figure 30 is a skeleton diagram showing a service provider secure container. 

[0121] Figure 31 is a skeleton diagram showing a public key certificate of a service provider. 

[0122] Figure 32 is a skeleton diagram showing a public key certificate of user equipment. 

[0123] Figure 33 is a diagram showing handling policies of single contents. 

[0124] Figure 34 is a diagram showing handling policies of album contents. 

[0125] Figure 35 is a diagram showing another example of handling policies of single contents.

[0126] Figure 36 is a diagram showing another example of handling policies of album contents. 

[0127] Figure 37 is a diagram showing price information of single contents. 

[0128] Figure 38 is a diagram showing price information of album contents. 

[0129] Figure 39 is a diagram showing another example of price information of single contents. 

[0130] Figure 40 is a diagram showing another example of price information of album contents. 

[0131] Figure 41 is a diagram showing license conditions information. 

[0132] Figure 42 is a diagram showing accounting information. 

[0133] Figure 43 is a diagram showing another example of accounting information. 

[0134] Figure 44 is a diagram showing a list of utilization rights. 

[0135] Figure 45 is a diagram showing utilization rights. 

[0136] Figure 46 is a diagram showing single contents. 

[0137] Figure 47 is a diagram showing album contents. 

[0138] Figure 48 is a diagram showing key data for single contents.

[0139] Figure 49 is a block diagram served for explanation of encryption processing of an individual key. 

[0140] Figure 50 is a diagram showing key data for album contents. 

[0141] Figure 51 is a timing chart showing a mutual authentication process using symmetrical key technology. 

[0142] Figure 52 is a timing chart showing a mutual authentication process using asymmetrical key technology. 

[0143] Figure 53 is a skeleton block diagram showing transmitting operation of accounting information. 

[0144] Figure 54 is a skeleton block diagram showing profit distribution processing operation. 

[0145] Figure 55 is a skeleton block diagram showing transmitting operation of a track record of contents utilization. 

[0146] Figure 56 is a flowchart showing a procedure for distributing and reproducing contents. 

[0147] Figure 57 is a flowchart showing a procedure of transmission to a contents provider. 

[0148] Figure 58 is a flowchart showing a registration procedure of settlement information. 

[0149] Figure 59 is a flowchart showing a procedure for newly registering an equipment ID. 

[0150] Figure 60 is a flowchart showing a procedure of additional registration of equipment. 

[0151] Figure 61 is a flowchart showing a procedure for determining conditions for starting to change registration 
information. 

[0152] Figure 62 is a flowchart showing a procedure for updating registration information. 

[0153] Figure 63 is a flowchart showing a proxy procedure for updating registration information by a fixed apparatus.

[0154] Figure 64 is a flowchart showing a proxy procedure for updating registration information by a fixed apparatus.

[0155] Figure 65 is a flowchart showing a transmission procedure of a secure container. 

[0156] Figure 66 is a flowchart showing a transmission procedure of a secure container. 

[0157] Figure 67 is a flowchart showing a purchasing procedure of a home server.

[0158] Figure 68 is a flowchart showing a procedure of tampering check when reading data.

[0159] Figure 69 is a flowchart showing a procedure of tampering check when writing data. 

[0160] Figure 70 is a flowchart showing a procedure of tampering check when rewriting data.

[0161] Figure 71 is a flowchart showing a procedure of tampering check when deleting data. 

[0162] Figure 72 is a flowchart showing a procedure for reproducing contents by a home server.

[0163] Figure 73 is a flowchart showing a procedure for reproducing contents by a home server.

[0164] Figure 74 is a flowchart showing a proxy purchasing procedure of contents utilization rights by a home server.

[0165] Figure 75 is a flowchart showing a contents change procedure of a purchased user.

[0166] Figure 76 is a skeleton diagram showing a rule section of a handling policy. 

[0167] Figure 77 is a skeleton diagram showing contents of a rule section of price information.

[0168] Figure 78 is a skeleton diagram showing an example of changed contents of rights.

[0169] Figure 79 is a flowchart showing a redistributing procedure of contents utilization rights.

[0170] Figure 80 is a flowchart showing a purchasing procedure of contents utilization rights by a fixed apparatus.

[0171] Figure 81 is a skeleton diagram showing transition of a rule section of license conditions information.

[0172] Figure 82 is a flowchart showing a moving procedure of management movement rights.

[0173] Figure 83 is a flowchart showing a returning procedure of management movement rights.

[0174] Figure 84 is a block diagram showing an information sending system according to the present invention.

[0175] Figure 85 is a block diagram showing an information sending system according to the present invention.

[0176] Figure 86 is a flowchart showing a remote reproduction procedure.

[0177] Figure 87 is a flowchart showing a reserved purchase procedure.

[0178] Figure 88 is a flowchart showing a real purchase procedure after a reserved purchase.

[0179] Figure 89 is a flowchart showing a proxy purchasing procedure in the case where a home server charges.

[0180] Figure 90 is a flowchart showing a proxy purchasing procedure in the case where equipment outside the
group charges.

[0181] Figure 91 is a conceptual diagram served for explanation of generation management in a movement procedure
of management movement rights.

[0182] Figure 92 is a block diagram showing configuration of a recording and reproducing apparatus.

[0183] Figure 93 is a flowchart showing a purchasing procedure of a recording and reproducing apparatus.

[0184] Figure 94 is a flowchart showing a reproducing procedure of a recording and reproducing apparatus.

[0185] Figure 95 is a flowchart showing a proxy procedure of accounting information and a movement procedure of
rights.

[0186] Figure 96 is a block diagram showing data flow of an entire electronic music distribution system.

[0187] Figure 97 is a flowchart showing an online accounting purchasing procedure. 

[0188] Figure 98 is a block diagram showing configuration of an electronic music distribution system. 

[0189] Figure 99 is a block diagram showing configuration of a hosting server. 

[0190] Figure 100 is a block diagram showing configuration of a KIOSK terminal. 

[0191] Figure 101 is a skeleton block diagram showing data flow.

[0192] Figure 102 is a flowchart showing a purchasing procedure of a KIOSK terminal. 

[0193] Figure 103 is a flowchart showing a purchasing procedure of a KIOSK terminal.

[0194] Figure 104 is a flowchart showing a purchasing procedure of a KIOSK terminal.

[0195] Figure 105 is a flowchart showing a purchasing procedure of a KIOSK terminal. 

[0196] Figure 106 is a flowchart showing another example of a purchasing procedure of a KIOSK terminal. 

[0197] Figure 107 is a flowchart showing another example of a purchasing procedure of a KIOSK terminal. 

[0198] Figure 108 is a diagram showing contents purchase prohibition list. 

[0199] Figure 109 is a diagram showing a contents redistribution/repurchase list. 

[0200] Figure 110 is a flowchart showing a procedure of contents redistribution/repurchase. 

[0201] Figure 111 is a block diagram showing another configuration of an electronic music distribution system. 

[0202] Figure 112 is a block diagram showing configuration of an electronic distribution service center of personal
computer configuration.

[0203] Figure 113 is a block diagram showing configuration of a contents provider of personal computer configuration.

[0204] Figure 114 is a block diagram showing configuration of a service provider of personal computer configuration.

[0205] Figure 115 is a block diagram showing configuration of a user home network using a personal computer.

[0206] Figure 116 is a block diagram showing a conventional example.

[0207] Figure 117 is a block diagram showing configuration of a conventional recording and reproducing apparatus.

Best Mode for Carrying Out the Invention

[0208] An embodiment of the present invention will be hereinafter described in detail with reference to the drawings.

(1) Information distribution system

[0209] Figure 1 is a diagram illustrating an EMD (Electronic Music Distribution) system 10 to which the present 
invention is applied. Contents to be distributed to a user by this system are digital data in which digital data itself has 
value and, in this example, a piece of contents corresponds to music data for one tune. Contents are provided to a 
user with a piece of contents as one unit (single) or a plurality of pieces of contents as one unit (album). The user 
purchases the contents (in fact, purchases a right to utilize a content key K^) and utilizes the contents to be provided 
(in fact, decodes the contents using the content key K^ to utilize the contents). Further, it goes without saying that the 
system is applicable not only to music data but also to all purchases of contents such as video, games programs and
the like.

[0210] An electronic distribution service center (EMD service center) 1 transmits an individual key Ki and a public key certificate
of a content provider 2 to the content provider 2, transmits a public key certificate of a service provider 3 to the service
provider 3, transmits a delivery key and registration information to a user home network 5, receives charge
information or the like and registration information corresponding to use of contents from the user home network 5, settles
an account of utilization fees based on the charge information, and performs processing for distributing profits to the
content provider 2, the service provider 3 and the electronic distribution service center 1 itself.

[0211] The content provider 2 has digitized contents, inserts an electronic watermark in the contents in order to prove
that the contents are its own, compresses and encrypts the contents, generates a handling policy of the contents, and
transmits the contents to the service provider 3 with signature data added.

[0212] The service provider 3 adds price information to the contents supplied by the content provider 2 via a network
4 composed of a dedicated cable network, the Internet or satellite communication, and transmits the contents to the
user home network 5 with signature data added.

[0213] The user home network 5 obtains the contents sent by the service provider 3 with the price information added,
purchases a content utilization right and executes purchase processing. The purchased utilization right may be, for
example, a reproduction utilization right or a right to copy. Then, charge information generated by the purchase
processing is stored in a tamper resistant memory in an encryption processing section, and is transmitted to the electronic
distribution service center 1 when the user home network 5 obtains the delivery key from the electronic distribution
service center 1.

[0214] Figure 2 is a block diagram showing functions of the electronic distribution service center 1. A service provider
management section 11 supplies the public key certificate of the service provider 3 and information on profit distribution
to the service provider 3, and at the same time, receives information (price information) to be attached to the contents,
if necessary. A content provider management section 12 transmits an individual key Ki, the individual key Ki encrypted
by the delivery key Kd, and the public key certificate of the content provider 2, and at the same time, supplies the
information on profit distribution, and receives information (a handling policy) to be attached to the contents, if
necessary. A copying right management section 13 transmits information indicating results of content utilization of the user
home network 5 to an organization managing copying rights, e.g., JASRAC (Japanese Society for Rights of Authors,
Composers and Publishers). A key server 14 performs generation, maintenance and management of keys used for the
entire system: the individual key Ki, different for each content provider, is generated together with the individual key Ki
encrypted by the delivery key Kd, and both are supplied to the content provider 2 via the content
provider management section 12; the individual key Ki encrypted by the delivery key is supplied to an authentication
station 22, if necessary; and the delivery key Kd is supplied to the user home network 5 via a user management section
18. In addition, a public key and a secret key of the electronic distribution center 1 as well as a public key and a secret
key peculiar to equipment maintained by the user are all generated and managed, and the public keys are transmitted to
the authentication station 22 to be utilized for preparing a public key certificate. Further, in some cases, a save key
Ksave corresponding to an ID for each apparatus peculiar to an encryption processing section 92 to be described later
is generated and maintained.

[0215] An example of periodic transmission of a key from the electronic distribution service center 1 to the content
provider 2 and a home server 51 (to be described later) forming the user home network 5 will be described with reference
to Figures 3 through 6. Figure 3 shows the delivery key Kd and the individual key Ki held by the electronic distribution
service center 1, the individual key Ki held by the content provider 2, and the delivery key Kd held by the home server
51 in January 2000 when the content provider starts provision of contents and the home server 51 forming the user
home network 5 starts utilization of the contents. Further, although further description is omitted, the content provider
2 also maintains the individual key Ki encrypted by the delivery key Kd corresponding to the individual key Ki.

[0216] In the example of Figure 3, the delivery key Kd and the individual key Ki are usable from the first day of a
calendar month until the last day of the month. For example, the delivery key Kd being a version 1 having a value
of "aaaaaaaa" that is a random number of a predetermined number of bits, and the individual key Ki being a version
1 having a value of "zzzzzzzz" are usable from January 1, 2000 until January 31, 2000 (i.e., the content key Kco for
encrypting contents that the service provider 3 delivers to the user home network 5 in a period from January 1, 2000
until January 31, 2000 is encrypted by the individual key Ki being the version 1, and the individual key Ki being the
version 1 is encrypted by the delivery key Kd being the version 1), and the delivery key Kd being a version 2 having a value
of "bbbbbbbb" that is a random number of a predetermined number of bits and the individual key Ki being a version 2
having a value of "yyyyyyyy" are usable from February 1, 2000 until February 29, 2000 (i.e., the content key Kco for
encrypting contents that the service provider 3 delivers to the user home network 5 during the period is encrypted by
the individual key Ki being the version 2, and the individual key Ki being the version 2 is encrypted by the delivery key
Kd being the version 2). Similarly, the delivery key Kd and the individual key Ki being a version 3 are usable in March
2000, the delivery key Kd and the individual key Ki being a version 4 are usable in April 2000, the delivery key Kd and
the individual key Ki being a version 5 are usable in May 2000, and the delivery key Kd and the individual key Ki being a
version 6 are usable in June 2000.

[0217] Prior to the content provider 2 starting to provide contents, the electronic delivery service center 1 transmits
six individual keys Ki of the versions 1 through 6 that are usable from January until June 2000 and the individual keys Ki
each encrypted by the delivery key Kd of the identical versions to the content provider 2, and the content provider 2
receives and stores the six individual keys Ki and the individual keys Ki encrypted by the delivery keys Kd. The content
provider 2 stores the individual keys Ki for six months and the individual keys Ki encrypted by the delivery keys Kd
because a predetermined period is needed for the content provider 2 to prepare for encryption and the like of the
contents and the content key before providing the contents.

[0218] In addition, prior to the home server 51 starting to utilize the contents, the electronic distribution service center
1 transmits three delivery keys Kd being the versions 1 through 3 that are usable from January until March 2000 to the
home server 51, and the home server 51 receives and stores the three delivery keys Kd. The home server 51 stores
the delivery keys Kd for three months for two reasons: to avoid a situation in which contents cannot be purchased, despite
a contract term during which the contents can be purchased, because the home server 51 cannot
connect to the electronic distribution service center 1 due to congestion of lines or the like; and to reduce the
load of the electronic distribution service center 1 by decreasing the frequency of connection to the electronic distribution
service center 1 and controlling simultaneous accesses of respective apparatuses to the electronic distribution service
center 1.

[0219] During the period from January 1, 2000 until January 31, 2000, the delivery key Kd and the individual key Ki
being the version 1 are utilized in the electronic distribution service center 1, the content
provider 2, and the home server 51 forming the user home network 5.

[0220] Transmission of the delivery key Kd and the individual key Ki of the electronic distribution service center 1 to
the content provider 2 and the home server 51 on February 1, 2000 will be described with reference to Figure 4. The
electronic distribution service center 1 transmits six individual keys Ki of the versions 2 through 7 that are usable from
February 2000 until July 2000 and the individual keys Ki each encrypted by the delivery keys Kd of the identical versions
to the content provider 2, and the content provider 2 receives the six individual keys Ki and the individual keys Ki
encrypted by the delivery keys Kd, overwrites the individual keys Ki and the individual keys Ki encrypted by the delivery
keys Kd that are stored before the receipt with the received keys, and stores the new individual keys Ki and the individual
keys Ki encrypted by the delivery keys Kd. The electronic distribution service center 1 transmits three delivery keys Kd
being the versions 2 through 4 that are usable from February 2000 until April 2000 to the home server 51, and the
home server 51 receives the three delivery keys Kd, overwrites the delivery keys Kd that are stored before receipt with
the received keys, and stores the new delivery keys Kd. The electronic distribution service center 1 stores the delivery
keys Kd being the versions 1 through 7 and the individual keys Ki as they are. This is for the purpose of making the
delivery keys Kd utilized in the past available when an unexpected trouble occurs, or an illegality occurs or is found.

[0221] During the period from February 1, 2000 until February 29, 2000, the delivery key Kd and the individual key
Ki being the version 2 are utilized in the electronic distribution service center 1, the content
provider 2, and the home server 51 forming the user home network 5.

[0222] Transmission of the delivery key Kd and the individual key Ki of the electronic distribution service center 1 to
the content provider 2 and the home server 51 on March 1, 2000 will be described with reference to Figure 5. The
electronic distribution service center 1 transmits six individual keys Ki of the versions 3 through 8 that are usable from
March 2000 until August 2000 and the individual keys Ki each encrypted by the delivery keys Kd of the identical versions
to the content provider 2, and the content provider 2 receives the six individual keys Ki and the individual keys Ki
encrypted by the delivery keys Kd, overwrites the individual keys Ki and the individual keys Ki encrypted by the delivery
keys Kd that are stored before the receipt with the received keys, and stores the new individual keys Ki and the individual
keys Ki encrypted by the delivery keys Kd. The electronic distribution service center 1 transmits three delivery keys Kd
being the versions 3 through 5 that are usable from March 2000 until May 2000 to the home server 51, and the home
server 51 receives the three delivery keys Kd, overwrites the delivery keys Kd that are stored before the receipt with
the received keys, and stores the new delivery keys Kd. The electronic distribution service center 1 stores the delivery
keys Kd being the versions 1 through 8 and the individual keys Ki as they are. This is for the purpose of making the
delivery keys Kd utilized in the past available when an unexpected trouble occurs, or an illegality occurs or is found.

[0223] During the period from March 1, 2000 until March 31, 2000, the delivery key Kd and the individual key Ki being
the version 3 are utilized in the electronic distribution service center 1, the content provider
2, and the home server 51 forming the user home network 5.

[0224] Transmission of the delivery key Kd and the individual key Ki of the electronic distribution service center 1 to
the content provider 2 and the home server 51 on April 1, 2000 will be described with reference to Figure 6. The
electronic distribution service center 1 transmits six individual keys Ki of the versions 4 through 9 that are usable from
April 2000 until September 2000 and the individual keys Ki each encrypted by the delivery keys Kd of the identical versions
to the content provider 2, and the content provider 2 receives the six individual keys Ki and the individual keys Ki
encrypted by the delivery keys Kd, overwrites the individual keys Ki and the individual keys Ki encrypted by the delivery
keys Kd that are stored before the receipt with the received keys, and stores the new individual keys Ki and the individual
keys Ki encrypted by the delivery keys Kd. The electronic distribution service center 1 transmits three delivery keys Kd
being the versions 4 through 6 that are usable from April 2000 until June 2000 to the home server 51, and the home
server 51 receives the three delivery keys Kd, overwrites the delivery keys Kd that are stored before the receipt with
the received keys, and stores the new delivery keys Kd. The electronic distribution service center 1 stores the delivery
keys Kd being the versions 1 through 9 and the individual keys Ki as they are. This is for the purpose of making the
delivery keys Kd utilized in the past available when an unexpected trouble occurs, or an illegality occurs or is found.

[0225] During the period from April 1, 2000 until April 30, 2000, the delivery key Kd and the individual key Ki being
the version 4 are utilized in the electronic distribution service center 1, the content provider
2, and the home server 51 forming the user home network 5.

[0226] In this way, by distributing the delivery keys Kd and the individual keys Ki of the future months in advance,
even if a user does not access the center at all for one or two months, the user can purchase contents for the time
being, and can receive the keys by accessing the center in a timely manner.
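
The rolling key schedule of Figures 3 through 6 can be checked with a short simulation. The following is an added example, not part of the patent text: the class and function names are hypothetical, the key values are constructed random bytes, and the encryption of each Ki by the Kd of the same version is left out so that only the version windows are modelled.

```python
import secrets

DELIVERY_WINDOW = 3    # Kd versions sent to the home server at each sync
INDIVIDUAL_WINDOW = 6  # Ki versions sent to the content provider at each sync


def version_for(year, month):
    """Key version valid in a calendar month; version 1 is January 2000."""
    return (year - 2000) * 12 + month


class DistributionCenter:
    """Generates keys ahead of time and never discards old versions."""

    def __init__(self):
        self.delivery_archive = {}    # version -> Kd
        self.individual_archive = {}  # version -> Ki

    def _generate_up_to(self, last_version):
        for v in range(1, last_version + 1):
            # Constructed 64-bit random values standing in for real keys.
            self.delivery_archive.setdefault(v, secrets.token_bytes(8))
            self.individual_archive.setdefault(v, secrets.token_bytes(8))

    def keys_for_content_provider(self, current):
        last = current + INDIVIDUAL_WINDOW - 1
        self._generate_up_to(last)
        # The text also sends each Ki encrypted by the Kd of the same version;
        # that wrapping step is omitted in this model.
        return {v: self.individual_archive[v] for v in range(current, last + 1)}

    def keys_for_home_server(self, current):
        last = current + DELIVERY_WINDOW - 1
        self._generate_up_to(last)
        return {v: self.delivery_archive[v] for v in range(current, last + 1)}


class HomeServer:
    def __init__(self):
        self.delivery_keys = {}

    def sync(self, center, current):
        # Received keys overwrite whatever was stored before the receipt.
        self.delivery_keys = center.keys_for_home_server(current)

    def can_purchase(self, current):
        # A purchase needs the Kd version that wraps the current month's Ki.
        return current in self.delivery_keys


def simulate():
    center = DistributionCenter()
    home = HomeServer()

    jan = version_for(2000, 1)
    center.keys_for_content_provider(jan)
    home.sync(center, jan)
    # The home server stays offline after the January sync.
    offline = [home.can_purchase(version_for(2000, m)) for m in (1, 2, 3, 4)]

    feb = version_for(2000, 2)
    provider_keys = center.keys_for_content_provider(feb)
    home.sync(center, feb)
    return {
        "offline_after_january_sync": offline,
        "provider_versions_february": sorted(provider_keys),
        "home_versions_february": sorted(home.delivery_keys),
        "center_archive_february": sorted(center.delivery_archive),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(name, value)
```

A home server that last synced in January can still purchase in February and March but not in April, while the center's archive keeps version 1 after the home server has overwritten it.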

[0227] History data management section 15 (Figure 2) of the electronic distribution service center 1 maintains and
manages charge information that is information indicating results of utilization of the contents collected by the user
management section 18, price information (any one or both of information sent from the service provider 3 and
information added to the charge information and sent by the user) corresponding to the contents, if necessary, and a
handling policy (any one or both of information sent from the content provider 2 and information added to the charge
information and sent by the user) corresponding to the contents, if necessary, and outputs data when the service
provider management section 11, the content provider management section 12 or the like utilizes the charge
information, the utilization history or the like. Further, the price information and the handling policy may not be sent from the
service provider 3 or the content provider 2, if necessary data is written in the charge information. Profit distribution
section 16 calculates profits of the electronic distribution service center 1, the content provider 2 and the service provider
3 based on the charge information, the price information, if necessary, and the handling policy supplied from the history
data management section 15. The information is supplied to receipt and disbursement section 20, and in some cases,
profit distribution is performed via the receipt and disbursement section 20, or in other cases, payment distribution is
not performed and only the information is transmitted to the service provider management section 11, the content
provider management section 12, and the copying right management section 13, sales itself is paid to the service
provider, and the service provider 3 distributes the profit to each beneficiary. Mutual authentication section 17 executes
mutual authentication to be described later with predetermined apparatuses in the content provider 2, the service
provider 3 and the user home network 5.

[0228] The user management section 18 has a user registration database, and when receiving a request for
registration from an apparatus of the user home network 5, retrieves through the user registration database, and prepares
registration information to the effect that the apparatus is to be registered or to be rejected registration or the like
depending on the recorded contents. When the user home network 5 is composed of a plurality of apparatuses having
a function capable of connecting to the electronic distribution service center 1, the user management section 18
provides for an apparatus to be settled in the registration information, registers a settlement ID, and further provides for
a scope of apparatuses forming the user home network, provides for information such as suspension of trade, and
transmits the information to a predetermined apparatus (an apparatus that can be settled) of the user home network 5.

[0229] An example of the user registration database shown in Figure 7 illustrates a registration state for each network
group established in the user home network 5, and a group ID indicating a group, an ID peculiar to an apparatus forming
the home network 5, and information corresponding to the ID such as whether or not connection is possible with the
electronic distribution service center 1, whether or not settlement processing is possible, whether or not contents can
be purchased, which apparatus performs the settlement processing, which apparatus requests purchase of the
contents, whether or not registration is possible, or the like are recorded in each group.

[0230] The group ID recorded in the user registration database is allocated to each user home network, and
settlement and update of information are performed by this group unit. Therefore, in principle, a representative apparatus
in the group collectively performs communication, settlement processing and information update with the electronic
distribution service center 1, and other apparatuses in the group do not directly communicate with the electronic
distribution service center 1. The ID recorded in the user registration database is the ID allocated to each apparatus
separately and is used for identifying an apparatus.

[0231] Information on whether or not connection with the electronic distribution service center 1 recorded in the user
registration database is possible indicates whether or not it is possible to physically connect with the electronic service
center 1, and even an apparatus recorded as capable of connecting, other than an apparatus recorded as capable of
performing settlement processing, cannot be connected to the electronic distribution service center 1 in principle.
(However, if a representative apparatus in a group does not perform settlement processing operation due to some reason,
an apparatus can be temporarily connected to the electronic distribution service center 1 as a proxy.) In addition, an
apparatus recorded as not capable of connecting outputs charge information or the like to the electronic distribution
service center 1 via an apparatus capable of performing settlement processing of the user home network 5.

[0232] Information on whether or not the settlement processing recorded in the user registration database is possible
indicates whether or not the apparatus can make a settlement. When the user home network 5 is composed of a
plurality of apparatuses that are capable of performing purchase or the like of utilization right of contents, one apparatus
that can perform settlement processing among the apparatuses transmits charge information, price information, if
necessary, and a handling policy of all the apparatuses registered in the electronic distribution service center 1 of the
user home network 5 to the electronic distribution service center 1, and receives the delivery key Kd and the registration
information from the electronic distribution service center 1 according to the completion of the settlement processing.
In this way, processing of the electronic distribution service center 1 is reduced compared with performing processing
for each apparatus.

[0233] Information on whether or not purchase processing is possible, recorded in the user registration database, indicates
whether or not the apparatus can purchase the utilization right of contents. An apparatus that is incapable of purchasing
obtains the utilization right of the contents by performing proxy purchase (this means that another apparatus purchases
the right and all the right is assigned. No right remains in the supplier side) of the utilization right from another apparatus
capable of purchasing, re-distribution (this means a method in which the utilization right of contents already purchased
is purchased again with identical contents of the utilization right or different contents of the utilization right and supplied
to another apparatus. In this case, no right remains in the supplier side. Main purpose of re-distribution is to make a
discount. The privilege of discount is granted on condition that an apparatus belongs to a group that uses an identical
settlement ID. This is because processing burden of the electronic distribution service center 1 is reduced in processing
within the group using the identical settlement ID, and therefore a discount is granted in return), or management transfer
(although a content reproduction right, particularly an indefinite reproduction right, can be transferred, which apparatus
is a reproduction right receiver is managed in a reproduction right transmitter, and when the reproduction right is not
returned, the management transfer cannot be performed at all again, and the reproduction right can only be returned
to the reproduction right transmitter that gave the reproduction right).

[0234] Here, a utilization method, a utilization right and a purchase method of contents will be briefly described. As a
utilization method of contents, there are two methods, namely a method in which a user itself manages and maintains
the utilization right of contents, and a method in which a user executes the utilization right held by another apparatus and
utilizes the right in the user's own apparatus. As the utilization right of contents, there are an unlimited reproduction
right (a right without any limit on a period and the number of times of reproduction of contents; if the contents is music
contents, the reproduction is sound reproduction, and if the contents is a game program or the like, the reproduction
is execution), a reproduction right with limited number of times (a right in which the number of times contents can be reproduced
is limited), an unlimited copying right (a right without any limit on a period and the number of times of copying contents),
a copying right with limited number of times (a right with limit on the number of times of copying contents) (as a copying
right, there are a copying right without copy management information, a copying right with copy management
information (SCMS), other copying rights for special purpose media, and the like) (in addition, in some cases, there is a copying
right with a limit of time), and a management transfer right. As a method of purchasing the utilization right, there are
utilization right content change for changing contents of the utilization right already purchased to other contents,
re-distribution for separately purchasing the utilization right based on the right already purchased by another apparatus,
proxy purchase for having another apparatus purchase the utilization right on behalf of the user's apparatus, album
purchase for collectively purchasing and managing a plurality of contents utilization rights, and the like in addition to
ordinary purchase for directly purchasing the above mentioned utilization rights.

[0235] Information written in a proxy settler recorded in the user registration database indicates an ID of an apparatus
which is made to transmit charge information generated when the utilization right of contents is purchased to the
electronic distribution service center 1 on behalf of the user's apparatus.

[0236] Information written in a proxy purchaser recorded in the user registration database indicates an ID of an
apparatus which performs purchase of the utilization right on behalf of an apparatus that is incapable of purchasing
the utilization right of contents. However, if all the apparatuses within the group that can perform purchase processing
are appointed as proxy purchasers, it is not specifically necessary to make a record.

[0237] Information on whether or not a registration recorded in the user registration database is possible is updated
based on information on outstanding charge, illegal processing or the like supplied from a settlement organization
(e.g., a bank) or a credit card company. In response to a request for registration of an apparatus having an ID that is
recorded as registration unavailable, the user management section 18 rejects its registration, and the apparatus
rejected registration not only cannot purchase contents of this system but also cannot transmit or receive data between
other apparatuses within the user home network 5 thereafter. In addition, in some cases, utilization of purchased
contents is also limited. (However, an apparatus may be registered again after it is brought in the electronic distribution
service center 1 or the like and completed inspection.) In addition, a state such as "settlement unprocessed," "temporary
suspension" or the like may exist in addition to "registration available" and "registration unavailable."

[0238] In addition, the user management section 18 is supplied charge information, registration information, price
information, if necessary, and a handling policy from an apparatus in the user home network 5, and outputs the charge
information, price information and the handling policy to the history data management section 15 and supplies the
delivery key Kd and the registration information to the apparatus in the user home network 5. Timing for supplying will
be described later.

[0239] Here, the registration information will be described with reference to Figure 8. Registration information of
Figure 8 has a settlement ID and a signature added in addition to information in the user registration database, and only
includes information of an identical settlement group. The settlement ID indicates an ID of a user within the user
information database (e.g., a bank account number and a credit card number) that charge billing section 19 and the receipt
and disbursement section 20 use when performing settlement. Generation of a signature will be described later.

[0240] Returning to Figure 2, the charge billing section 19 calculates a charge to a user based on the charge
information, the price information, if necessary, and the handling policy supplied from the history data management section
15, and supplies the results to the receipt and disbursement section 20. In addition, the charge billing section 19
supplies settlement information to the user via the user management section 18, if necessary. The receipt and
disbursement section 20 communicates with an external bank or the like (not shown) based on the amounts of
disbursements and utilization fees to be collected to and from the user, the content provider 2 and the service provider 3, and
executes settlement processing. Further, in some cases, the receipt and disbursement section 20 sends all the sales
to the service provider 3, and the service provider 3 distributes profits based on distribution money information
transmitted via the profit distribution section 16. An audit section 21 audits justification of the charge information, the price
information and the handling policy supplied from the apparatus in the user home network 5 in view of the handling
policy supplied from the content provider 2 and the price information supplied from the service provider 3.

[0241] In addition, as the processing of the audit section 21, there are processing for auditing matching of an amount
inputted from the user home network 5 and a total amount of distributed profits or an amount sent to the service provider
3, and processing for auditing whether or not, for example, a content provider ID and a service provider ID that could
not exist or a share, a price or the like that are improbable exist in data within the charge information supplied from the
apparatus in the user home network 5.

[0242] The authentication station 22 generates a certificate of the public key supplied from the key server 14, supplies
the certificate to the content provider 2 and the service provider 3, and also generates a public key certificate to be
stored in a mass storage section 68 (to be described later) of the home server 51 and in small storage section 75 (to
be described later) of a fixed apparatus 52 when a user apparatus is manufactured. If the content provider 2 does not
perform authoring of contents, as an alternative method, there are a content server 23 for holding the contents and a
content authoring 24.

[0243] Figure 9 is a block diagram showing a configuration of functions of the content provider 2. The content server
31 stores contents to be supplied to a user, and supplies the contents to an electronic watermark adding section 32.
The electronic watermark adding section 32 inserts a content provider ID in the contents supplied from the content
server 31 in the form of an electronic watermark indicating the contents are properties of the user, and supplies the
contents to a compression section 33. The compression section 33 compresses the contents supplied from the
electronic watermark adding section 32 by the method of ATRAC (Adaptive Transform Acoustic Coding) (trademark) or the
like, and supplies the contents to a content encryption section 34 that is content encryption means. Incidentally, a
method such as MP3, AAC or the like can be used as a compression method instead of ATRAC. The content encryption
section 34 encrypts the contents compressed by the compression section 33 by a common key encryption method
such as DES (Data Encryption Standard) using a key supplied from a content key generation section 35 (the key is
hereinafter referred to as a content key Kco), and outputs the results to a signature generation section 38 that is
transmission means.

[0244] The content key generation section 35 generates random numbers of a predetermined number of bits to be
the content key Kco, and supplies the random numbers from which bit rows inappropriate for encryption called a weak
key (e.g., Kco = 1E1E1E1E0E0E0E0E, 1EE01EE00EF00EF0 or the like) are removed to the content encryption section
34 and the content key encryption section 36. When an encryption algorithm without such an inappropriate bit row is
used, processing for removing an inappropriate bit row is unnecessary. The content key encryption section 36 encrypts
the content key Kco by a common key encryption method such as DES using the individual key Ki supplied from the
electronic distribution service center 1, and outputs the results to the signature generation section 38. Incidentally, the
encryption method is not limited to DES, and a public key encryption method such as RSA (Rivest, Shamir, Adleman)
may be used.
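
The weak-key removal step described for the content key generation section 35 can be sketched as follows. This is an added example, not code from the patent: the function names are hypothetical, the rejection list is the standard set of 4 weak and 12 semi-weak DES keys (which the text does not enumerate), and the comparison ignores the parity bit of each byte, which is why the two values quoted above match entries written with odd parity.

```python
import secrets

# The low bit of every DES key byte is a parity bit that the cipher ignores,
# so keys are compared with those bits cleared.
PARITY_MASK = 0xFEFEFEFEFEFEFEFE

# Standard DES weak keys, written with odd parity.
WEAK_KEYS = (
    0x0101010101010101, 0xFEFEFEFEFEFEFEFE,
    0xE0E0E0E0F1F1F1F1, 0x1F1F1F1F0E0E0E0E,
)

# Standard DES semi-weak keys (six pairs), written with odd parity.
SEMI_WEAK_KEYS = (
    0x01FE01FE01FE01FE, 0xFE01FE01FE01FE01,
    0x1FE01FE00EF10EF1, 0xE01FE01FF10EF10E,
    0x01E001E001F101F1, 0xE001E001F101F101,
    0x1FFE1FFE0EFE0EFE, 0xFE1FFE1FFE0EFE0E,
    0x011F011F010E010E, 0x1F011F010E010E01,
    0xE0FEE0FEF1FEF1FE, 0xFEE0FEE0FEF1FEF1,
)

INAPPROPRIATE = frozenset(k & PARITY_MASK for k in WEAK_KEYS + SEMI_WEAK_KEYS)


def is_inappropriate(key: bytes) -> bool:
    """True if the 64-bit key is a weak or semi-weak DES key, parity ignored."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (56 key bits plus 8 parity bits)")
    return (int.from_bytes(key, "big") & PARITY_MASK) in INAPPROPRIATE


def generate_content_key(random_source=secrets.token_bytes, max_attempts=16):
    """Draw random 64-bit values until one is not an inappropriate bit row.

    random_source is any callable taking a byte count; it defaults to the
    operating system's CSPRNG and is injectable so the rejection path can be
    exercised with constructed values.
    """
    for _ in range(max_attempts):
        candidate = random_source(8)
        if not is_inappropriate(candidate):
            return candidate
    raise RuntimeError("random source keeps returning weak keys")


if __name__ == "__main__":
    print(generate_content_key().hex())
```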

[0245] DES is the encryption method for processing with 64 bits of plain text as one block using a common key of
56 bits. Processing of DES consists of a part for agitating a plain text to convert it to an encryption text (a data agitation
section) and a part for generating a key (enlarged key) to be used in the data agitation section from the common key
(a key processing section). Since all the algorithms of DES are made public, only basic processing of the data agitation
section will be briefly described.

[0246] First, the plain text 64 bits are divided into H0 of the upper 32 bits and L0 of the lower 32 bits. An output of
an F function, which agitates L0 of the lower 32 bits, is calculated with the enlarged key K1 of 48 bits supplied from the key
processing section and L0 of the lower 32 bits as inputs. The F function consists of two types of basic conversions of
"letter replacement" for replacing a numeral value with a predetermined rule and "permutation" for changing a bit
position with a predetermined rule. Then, H0 of the upper 32 bits and the output of the F function are exclusively
logically summed, and the results are designated as L1. L0 is designated as H1.

[0247] Based on H0 of the upper 32 bits and L0 of the lower 32 bits, the above-mentioned processing is repeated
sixteen times, and the resulted H16 of the upper 32 bits and L16 of the lower 32 bits are outputted as an encrypted
text. Decryption is realized by tracing the above-mentioned procedures conversely using the common key used for
encryption.
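
The sixteen-round structure just described, and why tracing it conversely decrypts, can be seen in the added example below (not part of the patent text). It keeps the H/L naming and the round rule L(n) = H(n-1) XOR F(L(n-1), Kn), H(n) = L(n-1), but the F function and the enlarged keys are SHA-256 based stand-ins rather than DES's replacement and permutation tables, so the output is not DES ciphertext and the construction is for illustration only.

```python
import hashlib
import hmac

ROUNDS = 16


def enlarged_keys(common_key: bytes):
    """Stand-in key processing section: sixteen 48-bit enlarged keys K1..K16."""
    return [hashlib.sha256(common_key + bytes([n])).digest()[:6]
            for n in range(1, ROUNDS + 1)]


def f_function(l: int, enlarged_key: bytes) -> int:
    """Stand-in F function: 32-bit output from the 32-bit half and a 48-bit key.

    It is not invertible, which the round structure does not require.
    """
    digest = hmac.new(enlarged_key, l.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def split(block: bytes):
    if len(block) != 8:
        raise ValueError("a block is 64 bits (8 bytes)")
    return int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")


def join(h: int, l: int) -> bytes:
    return h.to_bytes(4, "big") + l.to_bytes(4, "big")


def round_states(block: bytes, common_key: bytes):
    """Return [(H0, L0), (H1, L1), ..., (H16, L16)]."""
    h, l = split(block)
    states = [(h, l)]
    for k in enlarged_keys(common_key):
        # L(n) = H(n-1) XOR F(L(n-1), Kn); H(n) = L(n-1)
        h, l = l, h ^ f_function(l, k)
        states.append((h, l))
    return states


def encrypt_block(block: bytes, common_key: bytes) -> bytes:
    return join(*round_states(block, common_key)[-1])


def decrypt_block(block: bytes, common_key: bytes) -> bytes:
    h, l = split(block)
    for k in reversed(enlarged_keys(common_key)):
        # Undo one round: L(n-1) = H(n); H(n-1) = L(n) XOR F(H(n), Kn)
        h, l = l ^ f_function(h, k), h
    return join(h, l)


if __name__ == "__main__":
    key = b"constructed common key"           # constructed sample value
    plain = bytes.fromhex("0123456789abcdef")  # constructed sample block
    cipher = encrypt_block(plain, key)
    print(cipher.hex(), decrypt_block(cipher, key).hex())
```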

[0248] Further, although DES is shown as a common key encryption in this embodiment, either FEAL (Fast Encryption
Algorithm), IDEA (International Data Encryption Algorithm), or E2 proposed by NTT (trademark) or AES (Advanced
Encryption Standard) that is the next encryption standard of the United States may be used.

[0249] A handling policy generation section 37 generates a handling policy of contents and outputs the handling
policy to the signature generation section 38 corresponding to contents to be encrypted. Further, in some cases, the
handling policy generation section 37 supplies the generated handling policy to the electronic distribution service
center 1 via communicating means (not shown), and the data is maintained and managed. The signature generation
section 38 adds an electronic signature to the encrypted content key Kco, the encrypted individual key Ki and the
handling policy, and transmits them to the service provider 3 together with a certificate of the content provider 2.
(The encrypted contents, the encrypted content key Kco, the encrypted individual key Ki and the handling policy to
each of which the electronic signature is added using a secret key of the content provider 3 are hereinafter referred to
as a content provider secure container.) Further, one signature may be added to entire data instead of adding a signature
separately to respective data.

[0250] A mutual authentication section 39 mutually authenticates with the electronic distribution service center 1,
and mutually authenticates with the service provider 3 prior to transmitting the content provider secure container to the
service provider 3, if necessary. Since a memory 40A holds the individual key Ki that the content provider 2 must hold
secretly, a tamper resistant memory that is not easily read by a third party is desired, but no specific hardware limitation
is necessary. (For example, the memory may be a hard disk existing in a room to which entry is managed, a hard disk
of a personal computer that is managed by a password, or the like.) In addition, since a memory 40B only stores the
individual key Ki that is encrypted by the delivery key Kd and the public key certificate of the content provider 2, the
memory may be any ordinary storage device or the like (since it is information made public, there is no need to keep it
secret). Further, the memories 40A and 40B may be united.

[0251] The signature, which is attached to data or a certificate to be described later, is data for checking for tampering
and authenticating a person preparing the certificate, and is prepared by finding a hash value by a hash function based on
data that is desired to be transmitted and using a secret key of a public key encryption.

[0252] The hash function and the signature will be described. The hash function is a function for obtaining
predetermined data that is desired to be transmitted, compressing the data into data with a predetermined bit length, and
outputting the data as a hash value. The hash function has the characteristics that it is difficult to estimate an input from
the hash value (output), that when one bit of the data inputted in the hash function changes, many bits of the hash
value change, and that it is difficult to find out input data having the identical hash value. As the hash function, MD4
(Message Digest 4), MD5, SHA-1 (Secure Hash Algorithm 1) and the like are used.

[0253] The signature generation section 38 of a transmission apparatus (the content provider 2) for transmitting data
and a signature, for example, generates a signature using an elliptic curve encryption that is a public key encryption
method. The processing will be described with reference to Figure 10 (EC-DSA (Elliptic Curve Digital Signature
Algorithm), IEEE P1363/D3). In step S1, M is a message, p is a characteristic, a and b are coefficients of an elliptic curve
(elliptic curve: $y^2 = x^3 + ax + b$), G is a base point on the elliptic curve, r is the order of G, and $K_s$ is a secret key
($0 < K_s < r$). In step S2, a random number u is generated by the random number generation unit such that $0 < u < r$.
In step S3, coordinates where the base point is multiplied by u are calculated. Further, an addition on the elliptic curve
and a two times multiplication are defined as follows: When $P = (X_0, Y_0)$, $Q = (X_1, Y_1)$, $R = (X_2, Y_2) = P + Q$, and $P \neq Q$,

$$X_2 = \lambda^2 - X_0 - X_1$$

$$Y_2 = \lambda (X_0 - X_2) - Y_0$$

$$\lambda = (Y_1 - Y_0) / (X_1 - X_0)$$

When $P = Q$,

$$X_2 = \lambda^2 - 2X_0$$

$$Y_2 = \lambda (X_0 - X_2) - Y_0$$

$$\lambda = (3X_0^2 + a) / 2Y_0$$

and u times the point G is calculated using the above equations. (The most understandable, though slow, operation method
is as follows: calculate G, 2G, 4G, ... and, developing u as a binary number, add the corresponding $2^i \times G$ wherever
there is a 1 (i is the bit position when counted from the LSB of u).) In step S4, $c = X_v \bmod r$ is calculated ($X_v$ being
the X coordinate of the point calculated in step S3), in step S5, it is determined if the value is 0, and if it is not 0, the
processing proceeds to step S6, where the hash value of the message M is calculated, and $f = \text{SHA-1}(M)$. Then, in
step S7, $d = [(f + cK_s)/u] \bmod r$ is calculated, and in step S8, it is determined if d is 0. If d is not 0, c and d will be
signature data. Assuming that r has the length of 160 bits, the signature data has 320 bit length.

[0254] In step S5, if c is 0, the processing returns to step S2 and a new random number is generated. If d is 0 in step
S8, the processing also returns to step S2 and another random number is generated.

[0255] A receiving apparatus (the user home network 5) having received the signature and the data, for example,
verifies the signature using the elliptic curve encryption that is a public key encryption method. The processing will be
described with reference to Figure 11. In step S10, M is a message, p is a characteristic, a and b are coefficients of
the elliptic curve (elliptic curve: $y^2 = x^3 + ax + b$), G is a base point on the elliptic curve, r is the order of G, and G and
$K_sG$ are public keys ($0 < K_s < r$). In step S11, it is inspected if the signature data c and d satisfy $0 < c, d < r$. If the
signature data satisfy this, in step S12, the hash value of the message M is calculated, and $f = \text{SHA-1}(M)$. Then, in
step S13, $h = 1/d \bmod r$ is calculated, and in step S14, $h_1 = fh$, $h_2 = ch \bmod r$ is calculated. In step S15,
$P = (X_p, Y_p) = h_1G + h_2K_sG$ is calculated using already calculated $h_1$ and $h_2$. Since a verifier of the signature knows
the public keys G and $K_sG$, calculation can be made as in step S3. Then, in step S16, it is determined if P is the point at
infinity, and if it is not the point at infinity, the processing proceeds to step S17 (in fact, the determination of the point
at infinity is completed in step S15. That is, when an addition of P=(X, Y), Q=(X, -Y) is performed, it has been found that
the aforementioned $\lambda$ cannot be calculated, and R is the point at infinity). In step S17, $X_p \bmod r$ is calculated, and
the result is compared with the signature data c. If both the values match, the processing proceeds to step S18, and it is
determined that the signature is correct.

[0256] If the signature is determined to be correct, it is seen that the received data has not been tampered with, and is
the data transmitted from the transmission apparatus holding the secret key corresponding to the public key.
[0257] In step S11, if the signature data c and d do not satisfy $0 < c, d < r$, the processing proceeds to step S19. In
addition, in step S16, if P is the point at infinity, the processing also proceeds to step S19. Moreover, in step S17,
if the value of $X_p \bmod r$ does not match the signature data c, the processing also proceeds to step S19. In step S19,
it is determined that the signature is not correct.

[0258] If it is determined that the signature is not correct, it is seen that the received data has been tampered with or is
not data transmitted from the transmission apparatus holding the secret key corresponding to the public key.

[0259] Further, although SHA-1 is used as the hash function in this embodiment, any function such as MD4, MD5
and the like may be used. In addition, generation and verification of a signature may be performed using an RSA
encryption (ANSI X9.31-1).

[0260] Encryption and decryption of the public key encryption method will now be described. Contrary to the common
key encryption method using an identical key (common key) in encryption and decryption, the public key encryption
method uses different keys for encryption and decryption respectively. If the public key encryption method
is used, even if one key is made public, the other key can be kept secret, and the key that may be made public is called
a public key and the other key that should be kept secret is called a secret key.

[0261] The elliptic curve encryption method that is representative of the public key encryption method will be
described. In Figure 12, in step S20, $M_x$ and $M_y$ are messages, p is a characteristic, a and b are coefficients of an elliptic
curve (elliptic curve: $y^2 = x^3 + ax + b$), G is a base point on the elliptic curve, r is the order of G, and G and $K_sG$ are
public keys ($0 < K_s < r$). In step S21, a random number u is generated such that $0 < u < r$. In step S22, coordinates V
that are u times the public key $K_sG$ are calculated. Further, since scalar multiplication on the elliptic curve is identical
with the method described in the signature generation, description is omitted here. In step S23, the X coordinate of V is
multiplied by $M_x$ and the remainder modulo p is found, which is $X_0$. In step S24, the Y coordinate of V is multiplied by
$M_y$ and the remainder modulo p is found, which is $Y_0$. Further, if the length of the message is smaller than the number
of bits of p, a random number is used for $M_y$, and $M_y$ is discarded in the decryption section. In step S25, uG is
calculated, and in step S26, a cryptogram uG, $(X_0, Y_0)$ is found.

[0262] Decryption of the public key encryption method will now be described with reference to Figure 13. In step
S30, uG, $(X_0, Y_0)$ is cryptogram data, p is a characteristic, a and b are coefficients of an elliptic curve (elliptic curve:
$y^2 = x^3 + ax + b$), G is a base point on the elliptic curve, r is the order of G, and $K_s$ is a secret key ($0 < K_s < r$). In
step S31, the encryption data uG is multiplied by the secret key $K_s$. In step S32, the X coordinate of $(X_0, Y_0)$ among the
encryption data is taken out, and $X_1 = X_0 / X_v \bmod p$ is calculated. In step S33, $Y_1 = Y_0 / Y_v \bmod p$ is calculated
($X_v$ and $Y_v$ being the coordinates of the point obtained in step S31). Then, in step S34, $X_1$ is $M_x$ and $Y_1$ is $M_y$
to take out the message. Then, if $M_y$ is not the message, $Y_1$ is discarded.

[0263] In this way, in the public key encryption method, with the secret key being $K_s$ and the public keys being G and
$K_sG$, a key to be used for encryption and a key to be used for decryption may be different keys.
[0264] In addition, as another example of the public key encryption method, the RSA encryption (Rivest, Shamir,
Adleman) is known.
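
The signature steps S1 to S19 and the encryption steps S20 to S34 described above can be traced in the following Python example, which is added here and is not code from the patent. The curve parameters (secp256k1), the function names and the `on_curve` checks are assumptions of the example; the page specifies none of them.

```python
import hashlib
import secrets

# Curve y^2 = x^3 + ax + b over F_p. The page gives no parameters, so the
# secp256k1 domain parameters are assumed here purely for illustration.
p = 2**256 - 2**32 - 977
a, b = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
r = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
INF = None  # the point at infinity

def on_curve(P):
    """Added check (not in the page): reject points that fail the curve equation."""
    return P is not INF and (P[1] ** 2 - (P[0] ** 3 + a * P[0] + b)) % p == 0

def add(P, Q):
    """R = P + Q using the lambda formulas given with step S3."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    (x0, y0), (x1, y1) = P, Q
    if x0 == x1 and (y0 + y1) % p == 0:
        return INF  # P + (-P): lambda cannot be calculated
    if P == Q:
        lam = (3 * x0 * x0 + a) * pow(2 * y0 % p, -1, p) % p
    else:
        lam = (y1 - y0) * pow((x1 - x0) % p, -1, p) % p
    x2 = (lam * lam - x0 - x1) % p
    return (x2, (lam * (x0 - x2) - y0) % p)

def mul(k, P):
    """k*P by double-and-add from the LSB of k (the slow method of step S3)."""
    R = INF
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R

def sha1_int(M):
    return int.from_bytes(hashlib.sha1(M).digest(), "big")

def sign(M, Ks):
    """Steps S1-S8: returns the signature data (c, d)."""
    while True:
        u = secrets.randbelow(r - 1) + 1                 # S2: 0 < u < r
        c = mul(u, G)[0] % r                             # S3, S4
        if c == 0:
            continue                                     # S5: back to S2
        d = (sha1_int(M) + c * Ks) * pow(u, -1, r) % r   # S6, S7
        if d != 0:
            return (c, d)                                # S8

def verify(M, sig, Q):
    """Steps S10-S19 with public key Q = Ks*G: True only for a correct signature."""
    c, d = sig
    if not (0 < c < r and 0 < d < r and on_curve(Q)):    # S11
        return False
    h = pow(d, -1, r)                                    # S13
    h1, h2 = sha1_int(M) * h % r, c * h % r              # S12, S14
    P = add(mul(h1, G), mul(h2, Q))                      # S15
    return P is not INF and P[0] % r == c                # S16, S17

def encrypt(Mx, My, Q):
    """Steps S20-S26: returns the cryptogram (uG, (X0, Y0)); needs 0 <= Mx, My < p."""
    while True:
        u = secrets.randbelow(r - 1) + 1                 # S21
        V = mul(u, Q)                                    # S22
        if V[0] and V[1]:      # added guard: a zero coordinate cannot be divided out
            return mul(u, G), (Mx * V[0] % p, My * V[1] % p)   # S23-S26

def decrypt(cryptogram, Ks):
    """Steps S30-S34: recovers (Mx, My)."""
    uG, (X0, Y0) = cryptogram
    if not on_curve(uG):
        raise ValueError("uG is not on the curve")
    V = mul(Ks, uG)                                      # S31
    return X0 * pow(V[0], -1, p) % p, Y0 * pow(V[1], -1, p) % p   # S32, S33

if __name__ == "__main__":
    Ks = secrets.randbelow(r - 1) + 1                    # constructed key pair
    Q = mul(Ks, G)
    sig = sign(b"handling policy", Ks)
    print(verify(b"handling policy", sig, Q), verify(b"altered policy", sig, Q))
    print(decrypt(encrypt(42, 7, Q), Ks))
```

Step S2 has to draw a fresh u for every signature, because two signatures made with the same u allow the two step S7 equations to be solved for the secret key. SHA-1 is used only because the page names it.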

[0265] Figure 14 is a block diagram showing a configuration of the service provider 3. A content server 41 stores the
public key certificate and the encrypted contents of the content provider 2 that are supplied from the content provider
2. The signature on the public key certificate of the content provider 2 is verified by the public key of the
authentication station 22 in a certificate inspection section 42, and if the verification is successful, the public key of the
content provider 2 is supplied to the signature verification section 43. In the signature verification section 43, the
signature of the content provider 2 with respect to the handling policy stored in the content server 41 is verified using the
public key of the content provider 2 that is verified before, and if the verification is successful, the handling policy is
supplied to a pricing section 44. In the pricing section 44, price information is prepared from the handling policy and
supplied to a signature generation section 45. In the signature generation section 45, a signature with respect to the
price information is generated using the secret key of the service provider 3 held in a tamper resistant memory (not
shown) (as in 40A of the content provider 2) (the content provider secure container and the price information with an
electronic signature added using the secret key of the service provider 3 are hereinafter referred to as a service provider
secure container). Further, one signature may be generated for the entire content provider secure container and price
information instead of adding a signature to the price information. Then, the service provider secure container, the
public key certificate of the content provider 2 and the public key certificate of the service provider 3 are supplied to
the user home network 5 via the network 4 (Figure 1). A mutual authentication section 46 mutually authenticates with
the electronic distribution service center, and if possible, mutually authenticates with the user home network 5 via the
content provide, the Internet, cable communication or the like, if necessary.

[0266] Figure 15 is a block diagram showing a configuration of the user home network 5. A home server 51 receives
a secure container containing contents from the service provider 3 via the network 4, purchases the utilization right of
the contents, and performs decryption, extension, reproduction and copying of the contents by executing the right.
[0267] The communication section 61 communicates with the service provider 3 or the electronic distribution service
center 1 via the network 4, and receives or transmits predetermined information. An upper controller 62 receives a
signal from inputting means 63, displays a predetermined message or the like on displaying means 64, performs
utilization right purchase processing or the like by utilizing an encryption processing section 65, supplies encrypted
contents read out from mass storage section 68 to an extension section 66, and stores the encrypted contents in the
mass storage section 68. The inputting means 63 transmits a signal from a remote controller or input data from an
input button to the upper controller 62. The displaying means 64 is composed of a display device such as a liquid
crystal display, and sends an instruction to a user and displays information. The inputting means 63 and the displaying
means 64 become a touch panel liquid crystal display or the like, if necessary, and may be united as one means. The
encryption processing section 65 mutually authenticates with the service provider 3, the electronic distribution service
center 1 or encryption processing sections of other apparatuses, purchases the content utilization right, and at the
same time performs encryption/decryption of predetermined data, manages an external memory that holds the content
key and licensing conditions information, and further stores the delivery key Kd, the charge information or the like.
The extension section 66 mutually authenticates with the encryption processing section 65 to receive the content key
Kco, decrypts the encrypted contents supplied from the upper controller 62 using the content key Kco, extends the
contents by a predetermined method such as ATRAC, and further inserts a predetermined electronic watermark in the
contents. The external memory 67 is composed of a nonvolatile memory such as a flash memory or a nonvolatile
memory with a back-up power source, and stores the content key decrypted by the save key Ksave and the license
conditions information. The mass storage section 68 is a storage device such as an HDD or an optical disk, which
stores the content provider secure container and the service provider secure container (the encrypted contents, the
content key encrypted by the individual key Ki, the individual key Ki encrypted by the delivery key Kd, the handling
policy, the price information and the signatures on them), the public key certificate, the registration information or the like.
[0268] The encryption processing section 65 for mutually authenticating with the electronic distribution service center
1, purchasing the content utilization right and, at the same time, generating the charge information, performing
decryption/encryption of predetermined data, managing an external memory holding the content key Kco and the license
conditions information, and further storing the delivery key Kd, the charge information or the like is composed of a
control section 91, a storage module 92, a registration information inspection module 93, a purchase processing module
94, a mutual authentication module 95, an encryption/decryption module 96, and an external memory control section
97. The encryption processing section 65 is composed of a single chip IC exclusively for encryption processing, has
a multilayered structure, and has characteristics for making it difficult to read out data illegally from outside (tamper
resistant feature) in that a memory cell inside is sandwiched by dummy layers such as aluminum layers and a width
of voltage or frequency of operation is narrow.

[0269] The control section 91 controls each module according to a command from the upper controller 62, and at
the same time, returns a result from each module to the upper controller 62. The storage module 92 stores data such
as the charge information supplied from the purchase processing module 94 and the delivery key Kd, and supplies
data such as the delivery key when other function blocks execute predetermined processing. The registration
information inspection module 93 inspects the registration information supplied from the upper controller 62, and
determines whether or not to mutually authenticate with other apparatuses in the user home network 5, whether or not to
accept the charge information, whether or not to perform re-distribution or the like of the contents. The purchase
processing module 94 generates license conditions information anew from the handling policy and the price information
(as well as already held license conditions information, depending on the case) included in the secure container
received from the service provider 3 to output to the external memory control section 97 or the control section 91, and
generates charge information to output to the storage module 92. The mutual authentication module 95 executes
mutual authentication with the electronic distribution service center 1, the encryption processing sections of other
apparatuses in the home network 5 and the extension section 66, and generates a temporary key Ktemp (a session key),
if necessary, to supply to the encryption/decryption module 96.

[0270] The encryption/decryption module 96 is composed of a decryption unit 111, an encryption unit 112, a random
number generation unit 113, a signature generation unit 114, and a signature verification unit 115. The decryption unit
111 decrypts the individual key Ki encrypted by the delivery key, decrypts the content key encrypted by the
individual key Ki, and decrypts various kinds of data encrypted by the temporary key Ktemp. The encryption unit 112
encrypts the decrypted content key by the save key held in the storage module 92 to output to the external
memory control section 97 via the control section 91, and encrypts various kinds of data by the temporary key Ktemp.
The random number generation unit 113 generates a random number of a predetermined number of digits, and
supplies the random number to the mutual authentication module 95 or the signature generation unit 114. The signature
generation unit 114 calculates the hash value of the message supplied from the control section 91, and generates
signature data using the random number supplied from the random number generation unit 113 to output to the control
section 91. The signature verification unit 115 determines whether or not the signature is correct from the message
and the signature data supplied from the control section, and outputs the results to the control section 91. Further, the
generation/verification method of the signature is the same as the case described above with reference to Figures 10
and 11.

[0271] The external memory control section 97 reads and writes data by controlling the external memory 67, and
performs data verification to find if the data in the external memory has been tampered with. Figure 16 is a block diagram
illustrating operations of the external memory control section 97. In Figure 16, N hash values for preventing tampering
(Integrity Check Value) are stored in the storage module 92. The external memory 67 is divided into N blocks of data
regions, and each data region is made such that M sets of content key and the license conditions information can
be written. In addition, other regions that can be used freely are also prepared in the external memory 67. Each hash
value ICV for preventing tampering is a hash value of all the data in the external memory 67 corresponding to that
hash value ICV. Reading procedures and writing procedures of the external memory will be described later using a
flowchart.
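
The arrangement described above, with the N ICVs held in the storage module 92 and the N data regions held in the external memory 67, is illustrated by the following added Python example (not code from the patent). The region sizes, SHA-1 as the ICV hash and the check-before-write order are assumptions, since the page defers the read and write procedures to a later flowchart.

```python
import hashlib
import hmac

# Constructed sizes: the page only names N data regions of M sets each.
N_BLOCKS, M_SETS, SET_SIZE = 4, 3, 32


class TamperError(Exception):
    """Raised when a data region no longer matches its stored ICV."""


class ExternalMemoryControl:
    """Model of the external memory control section 97 (hypothetical class name)."""

    def __init__(self):
        # Untrusted external memory 67: N data regions, each holding M fixed-size
        # sets (content key plus license conditions information).
        self.external = [bytearray(M_SETS * SET_SIZE) for _ in range(N_BLOCKS)]
        # Trusted storage module 92 inside the tamper resistant chip: N ICVs.
        self.icv = [self._hash(region) for region in self.external]

    @staticmethod
    def _hash(region):
        # The ICV covers all the data of one region; SHA-1 is an assumption here.
        return hashlib.sha1(bytes(region)).digest()

    def _check(self, n):
        if not hmac.compare_digest(self._hash(self.external[n]), self.icv[n]):
            raise TamperError(f"data region {n} does not match its ICV")

    def read(self, n, m):
        """Return set m of region n, but only if the whole region verifies."""
        self._check(n)
        return bytes(self.external[n][m * SET_SIZE:(m + 1) * SET_SIZE])

    def write(self, n, m, record):
        """Store one set and refresh the ICV of its region."""
        if len(record) != SET_SIZE:
            raise ValueError("record must be exactly SET_SIZE bytes")
        # Verify first: recomputing the ICV over a region that was already
        # altered would silently accept the altered neighbouring sets.
        self._check(n)
        self.external[n][m * SET_SIZE:(m + 1) * SET_SIZE] = record
        self.icv[n] = self._hash(self.external[n])


def is_detected(ctl, n):
    """True if reading region n raises TamperError."""
    try:
        ctl.read(n, 0)
        return False
    except TamperError:
        return True
```

Because the ICVs never leave the chip, restoring an earlier copy of a data region (for example to bring back expired license conditions) fails the check in the same way as a single flipped bit.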

[0272] The extension section 66 (Figure 15) for decrypting and extending contents and adding a predetermined
electronic watermark is composed of a mutual authentication module 101, a key decryption module 102, a decryption
module 103, an extension module 104, an electronic watermark addition module 105 and a storage module 106. The mutual
authentication module 101 mutually authenticates with the encryption processing section 65, and outputs the temporary
key Ktemp to the key decryption module 102. The key decryption module 102 decrypts by the temporary key the
content key read out from the external memory 67 and encrypted by the temporary key Ktemp to output to the
decryption module 103. The decryption module 103 decrypts the contents recorded in the mass storage section 68 by
the content key to output to the extension module 104. The extension module 104 further extends the decrypted
contents with a method such as ATRAC to output to the electronic watermark addition module 105. The electronic
watermark addition module 105 inserts to the contents the individual ID of the encryption processing section to which
the purchase processing has been applied using the electronic watermark technology to output to other apparatuses
or a speaker (not shown), and reproduces music.
[0273] Key data required for the mutual authentication with the encryption processing section 65 is stored in the
storage module 106. Further, the extension section 66 is desirably provided with the tamper resistant feature.
[0274] The external memory 67 stores the license conditions information generated when the right is purchased in
the purchase processing module 94 and the content key Kco encrypted by the save key Ksave. The mass storage section
68 records the secure container, the public key certificate, the registration information or the like supplied from the
service provider 3.

[0275] The fixed apparatus 52 for recording the contents supplied from the service provider 3 in an inserted recording
medium 80 such as an optical disk and a semiconductor memory and reproducing the recording media is composed
of a communication section 71, an upper controller 72, an encryption processing section 73, an extension section 74,
a small storage section 75, a record reproduction section 76, inputting means 77, displaying means 78, an external
memory 79 and a recording medium 80. Since the communication section 71 has the same function as the
communication section 61, its description is omitted. Since the upper controller 72 has the same function as the upper controller
62, its description is omitted. Since the encryption processing section 73 has the same function as the encryption
processing section 65, its description is omitted. Since the extension section 74 has the same function as the extension
section 66, its description is omitted. Although the small storage section 75 has the same function as the mass storage
section 68, contents themselves are not stored and only the public key certificate, the registration information or the
like are stored. The record reproduction section 76 has the recording medium 80 such as an optical disk and a
semiconductor memory inserted therein, records contents in the recording medium 80 and outputs the read out contents to
the extension section. Since the inputting means 77 has the same function as the inputting means 63, its description
is omitted. Since the displaying means 78 has the same function as the displaying means 64, its description is omitted.
Since the external memory 79 has the same function as the external memory 67, its description is omitted. The recording
medium 80 is, for example, an MD (Mini Disk: trademark) or a storage medium exclusively used for electronic distribution
(Memory Stick using a semiconductor memory: trademark).

[0276] A portable apparatus 53 that is carried by a user to reproduce and enjoy music is composed of a communication
section 81, an upper controller 82, an encryption processing section 83, an extension section 84 and an external
memory 85. Since the communication section 81 has the same function as the communication section 61, its description
is omitted. Since the upper controller 82 has the same function as the upper controller 62, its description is omitted.
Since the encryption processing section 83 has the same function as the encryption processing section 65, its
description is omitted. Since the extension section 84 has the same function as the extension section 66, its description is
omitted. Since the external memory 85 has the same function as the external memory 67, its description is omitted.
However, these memories are not limited to a semiconductor memory, and may be any memory such as an HDD and
a rewritable optical disk.

[0277] Figure 17 illustrates a configuration of the recording media exclusively for electronic distribution. A recording
medium 120 for storing electronically distributed contents is composed of a communication section 121, the encryption
processing section 122, and the external memory 123. The communication section 121 performs transmission and
reception of data with the record reproduction section 76 of the fixed apparatus 52 (Figure 15). Since the encryption
processing section 122 for mutually authenticating with the fixed apparatus 52, being assigned the content utilization
right, performing decryption/encryption of predetermined data, managing the external memory holding the content key
Kco, the license conditions information and the like, and storing the save key or the like has a configuration having
the same function as the encryption processing section 65, its description is omitted. The external memory 123 stores
the content key encrypted by the save key Ksave, contents encrypted by the content key Kco, the license condition
information providing conditions for use of the contents, a handling policy, if necessary, and price information.
[0278] The recording medium exclusively for electronic distribution 120 is used differently from the
recording medium described for the fixed apparatus 52. While the ordinary recording medium 80 is a substitute for the
mass storage section 68, the recording medium exclusively for electronic distribution 120 is not different from a portable
apparatus that does not have the extension section. Therefore, although an apparatus such as the fixed apparatus 52
having the extension section 74 is necessary when reproducing contents, the recording medium exclusively for
electronic distribution 120 can perform processing similar to that of the home server 51 or the portable apparatus 53
concerning the function for managing the contents or the like. Due to these differences, while contents recorded in the
ordinary recording medium 80 cannot be reproduced by an apparatus other than the one that has recorded the same,
contents recorded in the recording medium exclusively for electronic distribution 120 can be reproduced by an
apparatus other than the one that has recorded the same. That is, since the ordinary recording medium 80 only has contents
encrypted by the content key Kco, the contents cannot be reproduced by an apparatus other than the one that has (has
recorded) the content key Kco. On the other hand, since the recording medium exclusively for electronic distribution
120 retains not only the contents encrypted by the content key but also the content key Kco encrypted by the save
key peculiar to the recording medium exclusively for electronic distribution, the contents can be reproduced by
other apparatuses.

[0279] That is, after performing mutual authentication between the mutual authentication module 128 of the encryption
processing section 122 and the mutual authentication module (not shown) of the encryption processing section
73, the recording medium exclusively for electronic distribution 120 decrypts the content key by the save key ^^3, 
encrypts the content key Kco by the shared temporary key Ktemp to transmit to the encryption processing section 73
for reproducing. 

[0280] Figure 18 is a block diagram illustrating a data recording state in each apparatus. In the home server 51, an
individual ID for specifying an apparatus (identical with the one for specifying the encryption processing section), an
ID for settlement to be used for charge processing (which can be substituted by the individual ID, if necessary, or may
be unnecessary because it is in the registration information), a secret key different for each apparatus, the save key
Ksave, the public key of the electronic distribution service center 1 to be used when mutually authenticating with the
electronic distribution service center 1 (unnecessary if there is the public key certificate of the electronic distribution
service center 1), the public key of the authentication station 22 for verifying the public key certificate, and the common
key to be used when mutually authenticating with the extension section 66 are stored in the storage module 92 in the
encryption processing section 65. These data are data that are stored in advance when an apparatus is manufactured.
On the other hand, the delivery key Kd to be periodically distributed from the electronic distribution service center 1,
the charge information to be written upon the purchase processing, the content key held in the external memory
67, and the hash value for tamper checking of the license conditions information are data that are stored after starting
to use an apparatus, and are also stored in the storage module 92. The individual ID for specifying the extension section
and the common key to be used when mutually authenticating with the encryption processing section 65 are stored in
the storage module 106 in the extension section 66 in advance when an apparatus is manufactured. Further, since the
encryption processing section 65 and the extension section 66 are associated one to one, IDs of each section may be
held by respective storage modules (since the mutual authentication is performed by the common key, as a result,
communication can only be made between the corresponding encryption processing section and the extension section
associated with each other. However, processing may be the mutual authentication of the public key encryption method.
In this case, a stored key is not the common key, but the secret key peculiar to the extension section 66.)

[0281] The content key that is encrypted by the save key to be used when contents are decrypted, and
the license conditions information indicating conditions for utilizing the content key are stored in the external memory
67. In addition, the certificate (the public key certificate of an apparatus) of the public key corresponding to the secret
key for each apparatus in the storage module 92, the registration information, the content provider secure container
(contents encrypted by the content key and its signature, the content key Kco encrypted by the individual key Ki
and its signature, the individual key Ki encrypted by the delivery key and its signature, and the handling policy and
its signature), the service provider secure container (the price information and its signature), the public key certificate
of the content provider 2, and the public key certificate of the service provider 3 are stored in the mass storage section 68.
[0282] The encryption processing section 83 that is identical with the encryption processing section 65 held by the 
home server 51 and the external memory 85 that is identical with the external memory 67 are provided in the portable 

35 apparatus 53 (the one having the identical internal data is omitted, e.g., the extension section). However, data to be 
stored inside these memories is slightly different as shown in the figure. As the data retained by the storage module 
in the encryption processing section 83, the individual ID for specifying an apparatus, the secret key that is different 
for each apparatus, the save key K^^, the public key of the electronic distribution service center 1 to be used when 
mutually authenticating with the electronic distribution service center 1 (however, it is not necessary to have the home 

40 server 51 to perform all the procedures with the electronic distribution service center 1 on its behalf), the public key of 
the authentication station 22 for verifying the public key certificate, and the common key to be used when mutually 
authenticating with the extension section 84 are stored. These data are data that are stored in advance when an 
apparatus is manufactured. In addition, the hash value for checking tamper of the content key and the license 
conditions information to be retained in the external memory 85, the ID for settlement, if necessary, the delivery key
Kd, and (a part of) the registration information (if the purchase processing is not performed, the ID for settlement and
the delivery key Kd are not necessary) are data to be stored after starting an apparatus, which are also stored (if the
purchase processing is performed, the charge information is stored as well). The certificate of the public key
corresponding to the secret key for each apparatus in the encryption processing section 83, the contents encrypted by the
content key and its signature (in addition, in some cases, the content key encrypted by the individual key Ki
and its signature, if necessary, the individual key Ki encrypted by the delivery key and its signature, the handling
policy and its signature, if necessary, and the price information and its signature are also stored), the content key
encrypted by the save key to be used for decrypting the contents, the license conditions information indicating 
conditions for utilizing the contents are stored in the external memory 85. A public key certificate for the content provider 
2 and the public key certificate for the service provider 3 are also stored, if necessary. 

[0283] The recording medium 80 is provided in the fixed apparatus 52 in addition to the configuration of the home
server 51. The recording medium 80 may be an ordinary MD or CD-R, or may be a storage medium exclusively for 
electronic distribution. In the former case, although data to be stored is decrypted contents with a copy prohibit signal 
added, encrypted contents may be naturally included (the content key encrypted by the save key Ksave may be
stored together. Then, only an apparatus that stores the contents can reproduce the contents. This is because the
save key Ksave is different for each apparatus.)

[0284] In addition, as the storage medium, Figure 19 is possible. In the storage medium exclusively for electronic 
distribution 120, the individual ID of the recording medium, the secret key different for each recording medium, the
public key certificate corresponding to the secret key (which may be recorded in the external memory 123), the save
key to be used for encrypting the content key (which are generally different for each storage medium), the 
public key of the electronic distribution service center 1 (which is not required if there is not communication with the 
center or if the public key certificate of the electronic distribution service center 1 exists in the external memory 123), 
the public key of the authentication station, the hash value for inspecting tamper of the external memory 123, and (a
part of) the registration information are stored in a storage module 125 in the encryption processing section 122. The
contents encrypted by the content key (and its signature), and the content key and the license conditions
information encrypted by the save key Ksave are stored in the external memory 123, and the handling policy (and its
signature), the price information (and its signature), the public key certificate of the content provider 2, and the public
key certificate of the service provider 3 are also stored, if necessary. 

[0285] Figures 20 and 21 are drawings for illustrating information to be transmitted and received among the electronic
distribution service center 1, the content provider 2, the service provider 3, and the user home network 5. The content
provider 2 adds the public key certificate (whose details will be described later) of the content provider 2 to the content
provider secure container (whose details will be described later) and sends it to the service provider 3. In addition, the
content provider 2 transmits the handling policy and its signature, and the certificate of the content provider 2 to the
electronic distribution service center 1, if necessary.

[0286] The service provider 3 verifies the public key certificate of the content provider 2, obtains the public key of 
the content provider 2, and verifies the signature of the received content provider secure container (in some cases, 
verifies only the handling policy). After successfully verifying the signature, the service provider 3 takes out the handling 
policy from the content provider secure container, and generates the price information based on the handling policy,
and makes it the service provider secure container by adding the signature to the price information (details will be
described later). The content provider secure container, the service provider secure container, the public key certificate
of the content provider 2, and the public key certificate of the service provider 3 (whose details will be described later) 
are transmitted to the user home network 5. In addition, the service provider 3 transmits the price information and its 
signature, and the public key certificate of the service provider 3 to the electronic distribution service center 1, if necessary.

[0287] After verifying the received secure containers, the user home network 5 performs the purchase processing 
based on the handling policy and the price information included in the secure containers, generates the charge information
to store in the storage module in the encryption processing section, generates the license conditions information,
decrypts the content key and re-encrypts the same by the save key Ksave, and stores the license conditions information
and the re-encrypted content key in the external memory 67. Then, the user home network 5 decodes the
content key by the save key Ksave along the license conditions information, and decrypts the contents by the key
to utilize. The charge information is encrypted by the temporary key at a predetermined timing, added a signature,
and transmitted to the electronic distribution service center 1 together with the handling policy and the price information, 
if necessary. 

[0288] The electronic distribution service center 1 calculates usage fees based on the charge information and the
price information, and calculates profits of each of the electronic distribution service center 1, the content provider 2 
and the service provider 3. The electronic distribution service center 1 further compares the handling policy received 
from the content provider 2, the price information and the handling policy, if necessary, received from the service 
provider 3, and the handling policy and the price information received from the user home network 5, and monitors
whether or not illegality such as tampering of the handling policy or illegal addition of prices has occurred in the service
provider 3 or the user home network 5. 
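The comparison that the electronic distribution service center 1 performs in [0288], as an added Python example that is not code from the patent. The record layout, field names and sample values are constructed, and reading "illegal addition of prices" as a price rule that the handling policy does not offer, or that undercuts its minimum sales price, is an assumption.

```python
import copy
import hashlib
import json


def digest(record):
    """SHA-256 of a canonical JSON encoding, so equal records give equal digests."""
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def check_price_rules(policy, price):
    """Check price information against the handling policy it claims to price."""
    problems = []
    if price["handling_policy_id"] != policy["handling_policy_id"]:
        problems.append("price information refers to a different handling policy")
    minimum = {r["rule_number"]: r["min_sales_price"] for r in policy["rules"]}
    for rule in price["rules"]:
        number = rule["rule_number"]
        if number not in minimum:
            problems.append(f"rule {number}: not offered by the handling policy")
        elif rule["price"] < minimum[number]:
            problems.append(f"rule {number}: price below the minimum sales price")
    return problems


def audit(cp_policy, sp_report, home_report):
    """Compare the three reports; return (party, finding) pairs, empty if consistent."""
    findings = []
    reference = digest(cp_policy)
    sp_digest = digest(sp_report["policy"])
    if sp_digest != reference:
        findings.append(("service provider", "handling policy altered"))
    # The home network is judged against what it could legitimately have received.
    if digest(home_report["policy"]) not in (reference, sp_digest):
        findings.append(("user home network", "handling policy altered"))
    for problem in check_price_rules(cp_policy, sp_report["price"]):
        findings.append(("service provider", problem))
    if digest(home_report["price"]) != digest(sp_report["price"]):
        findings.append(("user home network", "price information altered"))
    return findings


# Constructed sample records; every field name and value here is hypothetical.
CP_POLICY = {
    "handling_policy_id": "HP-0001", "version": 1,
    "content_id": "C-42", "content_provider_id": "CP-2",
    "rules": [
        {"rule_number": 1, "utilization_right": 1, "min_sales_price": 100},
        {"rule_number": 2, "utilization_right": 2, "min_sales_price": 30},
    ],
}
SP_PRICE = {
    "price_info_id": "PI-0001", "handling_policy_id": "HP-0001",
    "service_provider_id": "SP-3",
    "rules": [{"rule_number": 1, "price": 150}, {"rule_number": 2, "price": 40}],
}


def honest_reports():
    """Service provider and home network both forward what they received."""
    report = {"policy": copy.deepcopy(CP_POLICY), "price": copy.deepcopy(SP_PRICE)}
    return report, copy.deepcopy(report)


def home_network_tampers():
    """The home network lowers the minimum sales price and the price it reports."""
    sp, home = honest_reports()
    home["policy"]["rules"][0]["min_sales_price"] = 10
    home["price"]["rules"][0]["price"] = 10
    return sp, home


def service_provider_adds_rule():
    """The service provider prices a utilization right the policy never offered."""
    sp, _ = honest_reports()
    sp["price"]["rules"].append({"rule_number": 3, "price": 500})
    return sp, copy.deepcopy(sp)


if __name__ == "__main__":
    for scenario in (honest_reports, home_network_tampers, service_provider_adds_rule):
        print(scenario.__name__, audit(CP_POLICY, *scenario()))
```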

[0289] Moreover, the electronic distribution service center 1 transmits the public key certificate of the content provider 
to the content provider 2, and transmits the public key certificate of the service provider to the service provider 3. In
addition, since the public key certificate prepared according to each apparatus is embedded in each apparatus when
the apparatus is shipped from a factory, the electronic distribution service center 1 transfers the data concerning the
public key certificate of each apparatus to the factory. 

[0290] Figure 22 illustrates the content provider secure container. The content provider secure container 1 A includes 
the contents encrypted by the content key and its signature, the content key encrypted by the individual key
Ki and its signature, the individual key Ki encrypted by the delivery key Kd and its signature, and the handling policy
and its signature. The signature is data generated by applying the secret key of the content provider 2 to a hash
value generated by applying the hash function to each piece of data. Further, although a signature is generated separately
for each of the key data (the content key encrypted by the individual key Ki and the individual key Ki encrypted
by the delivery key) and added in the case of Figure 22, each piece of key data (the content key encrypted by
the individual key Ki and the individual key Ki encrypted by the delivery key) may be consolidated into one, and one
signature may be generated for the consolidated data and added. By consolidating the key data to be always used 
together into one and adding a signature to the consolidated data, one verification of the signature is sufficient. 
[0291] Figure 23 illustrates another example of the content provider secure container. The content provider secure 
container 1B includes the contents encrypted by the content key and its signature, the content key encrypted
by the individual key Ki and its signature, and a handling policy and its signature.

[0292] Figure 24 illustrates another example of the content provider secure container. The content provider secure
container 1C includes the contents encrypted by the content key, the content key encrypted by the individual
key Ki, the individual key Ki encrypted by the delivery key Kd, a handling policy and signatures. The signature is data
generated by applying the secret key of the content provider 2 to a hash value generated by applying a hash
function to the contents encrypted by the content key, the content key encrypted by the individual key Ki, the
individual key Ki encrypted by the delivery key Kd, and a handling policy.

[0293] Figure 25 illustrates another example of the content provider secure container. The content provider secure 
container 1D includes the contents encrypted by the content key, the content key encrypted by the individual
key Ki, a handling policy and signatures. The signature is data generated by applying the secret key of the content
provider 2 to a hash value generated by applying a hash function to the contents encrypted by the content key,
the content key encrypted by the individual key Ki, and a handling policy.

[0294] Figure 26 illustrates the public key certificate of the content provider 2. The public key certificate 2A of the 
content provider 2 includes a version number of the public key certificate, a serial number of the public key certificate
to be allocated to the content provider 2 by the authentication station, an algorithm and a parameter used for the
signature, a name of the authentication station, an effective period of the public key certificate, a name of the content
provider 2, the public key of the content provider 2, and signatures. The signature is data generated by applying
the secret key of the authentication station to a hash value generated by applying a hash function to the version
number of the public key certificate, a serial number of the public key certificate to be allocated to the content provider
2 by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication
station, an effective period of the public key certificate, and a name of the content provider 2, the public key of 
the content provider 2. 

[0295] Figure 27 illustrates another example of the public key certificate of the content provider 2. The public key 
certificate 2B of the content provider 2 includes a version number of the public key certificate, a serial number of the
public key certificate to be allocated to the content provider 2 by the authentication station, an algorithm and a parameter
used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of
the content provider 2, the public key of the content provider 2, the individual key Ki encrypted by the delivery key
Kd, and signatures. The signature is data generated by applying the secret key of the authentication station to a
hash value generated by applying a hash function to a version number of the public key certificate, a serial number of
the public key certificate to be allocated to the content provider 2 by the authentication station, an algorithm and a
parameter used for the signature, a name of the authentication station, an effective period of the public key certificate,
a name of the content provider 2, the public key of the content provider 2, and the individual key Ki encrypted by
the delivery key 

[0296] Figure 28 illustrates yet another example of the public key certificate of the content provider 2. The public key
certificate 2B of the content provider 2 includes a version number of the public key certificate, a serial number of the
public key certificate to be allocated to the content provider 2 by the authentication station, an algorithm and a parameter
used for the signature, a name of the authentication station, an effective period of the public key certificate, a name of
the content provider 2, the public key Kpcp of the content provider 2, a predetermined type of data that is a part of the
individual key Ki encrypted by the delivery key Kd, and signatures. The signature is data generated by applying the
secret key of the authentication station to a hash value generated by applying a hash function to a version number
of the public key certificate, a serial number of the public key certificate to be allocated to the content provider 2 by the
authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an
effective period of the public key certificate, a name of the content provider 2, the public key of the content provider
2, and a predetermined type of data that is a part of the individual key Ki encrypted by the delivery key Kd.

[0297] Figure 29 illustrates the service provider secure container. The service provider secure container 3A is comprised
of price information and signatures. The signature is data generated by applying the secret key of the
service provider 3 to a hash value generated by applying a hash function to price information, if necessary.
[0298] Figure 30 illustrates another example of the service provider secure container. The service provider secure 
container 3B includes the content provider secure container, price information and signatures. The signature is data
generated by applying the secret key of the service provider 3 to a hash value generated by applying a hash
function to the content provider secure container and the price information. 

[0299] Figure 31 illustrates the public key certificate of the service provider 3. The public key certificate 4A of the 
service provider 3 includes a version number of the public key certificate, a serial number of the public key certificate
to be allocated to the content provider 3 by the authentication station, an algorithm and a parameter used for the
signature, a name of the authentication station, an effective period of the public key certificate, a name of the service
provider 3, the public key of the service provider 3, and signatures. The signature is data generated by applying
the secret key of the authentication station to a hash value generated by applying a hash function to a version
number of the public key certificate, a serial number of the public key certificate to be allocated to the service provider
3 by the authentication station, an algorithm and a parameter used for the signature, a name of the authentication 
station, an effective period of the public key certificate, and a name of the service provider 3, the public key of the 
service provider 3. 

[0300] Figure 32 illustrates the public key certificate of the user apparatus. The public key certificate 5A of the user
apparatus includes a version number of the public key certificate, a serial number of the public key certificate to be
allocated to the user apparatus (more precisely the encryption processing section (an exclusive use ticket)) by the
authentication station, an algorithm and a parameter used for the signature, a name of the authentication station, an
effective period of the public key certificate, a name of the user apparatus, the public key of the user apparatus,
and the signatures. The signature is data generated by applying the secret key of the authentication station to a
hash value generated by applying a hash function to the version number of the public key certificate, a serial number
of the public key certificate to be allocated to the user apparatus by the authentication station, an algorithm and a 
parameter used for the signature, a name of the authentication station, an effective period of the public key certificate, 
and a name of the user apparatus, the public key of the user apparatus. 

[0301] Figures 33 and 34 show a data format of a handling policy that is generated for each single content or album
content by the content provider 2 and shows contents of a utilization right purchasable by the user home network 5.
[0302] In the data of the handling policy for the single content (Figure 33), a type of the data, a type of the handling 
policy, an effective period of the handling policy, an ID of the contents, an ID of the content provider, an ID of the 
handling policy, a version of the handling policy, a regional code, usable apparatus conditions, usable user conditions, 
an ID of the service provider, generation management information, the number of rules including the purchasable
utilization right indicated by the handling policy, address information indicating the storage position of the rules, the
rules stored in the position indicated by the address information, the public key certificate and signatures. 
[0303] The rule is composed of a rule number given as a serial number for each utilization right, a utilization right 
content number indicating the utilization right contents, its parameter, a minimum sales price, a profit amount of the 
content provider, a profit ratio of the content provider, a data size, and transmission information. 

[0304] In addition, data of a handling policy for the album contents (Figure 34), a type of data, a type of the handling
policy, an effective period of the handling policy, an ID of the album, a version of the handling policy, an ID of the 
contents, an ID of the content provider, an ID of the handling policy, a version of the handling policy, a regional code, 
usable apparatus conditions, usable user conditions, an ID of the service provider, the number of a handling policy of 
single contents forming the album, address information indicating a storing position of the handling policy of the single
content, a data packet of the handling policy of the single content stored in the position indicated by the address
information, generation management information, the number of rules including the purchasable utilization right indicated
by the handling policy, address information indicating the storage position of the rules, the rules stored in the
position indicated by the address information, the public key certificate and signatures. 

[0305] Further, similar to the rule of the handling policy of the single content, the rule is composed of a rule number
given as a serial number for each utilization right, a utilization right content number indicating the utilization right contents,
its parameter, a minimum sales price, a profit amount of the content provider, a profit ratio of the content provider,
a data size, and transmission information. 

[0306] In these handling policies, a type of data indicates that the data is the data of a handling policy, and a type of
the handling policy indicates which of single or album contents the handling policy is. The effective period of the handling
policy indicates a usage period of the handling policy by a date on which the period expires, or by the number of days
from a date to be a basis when the use has started to a date when the period expires. An ID of the contents and an ID
of the album indicate the purchasable single contents or album contents indicated by the handling policy, an ID of the
content provider indicates the ID of the content provider 2 that has provided for the handling policy. 
[0307] In addition, an ID of the handling policy is for identifying the handling policy, and is used, for example, for
identifying the handling policy in the case in which a plurality of handling policies are set for identical contents. A version
of the handling policy indicates revision information of a policy that is revised according to a use period. Therefore, the 
handling policy is managed by the ID of the handling policy and the version of the handling policy. 
[0308] A regional code indicates a region where a handling policy is usable by coding the region, and can assign a 
code indicating a specific region limiting regions where the handling policy is usable and a code that can make the
handling policy usable in all the regions to the regional code. Usable apparatus conditions indicate conditions of an
apparatus that can utilize the handling policy, and usable user conditions indicate conditions of a user who can utilize 
the handling policy. 

[0309] An ID of a service provider indicates an ID of a service provider 3 that utilizes a handling policy, and the ID
of the service provider includes an ID of a specific service provider 3 limiting a service provider 3 that can use the
handling policy and an ID that makes the handling policy usable for a plurality of (all) the service providers. 
[0310] Moreover, generation management information indicates a maximum number of times contents can be re-purchased.
A signature is affixed to the entirety ranging from a type of data to a public key certificate excluding the
signature from a handling policy. An algorithm and a parameter used in preparing the signature and a key to be used
for verification of the signature are included in the public key certificate. In addition, in rules, a utilization right content 
number is a number added for each utilization right content, and a parameter indicates a parameter of right contents. 
A minimum sales price indicates a minimum sales price in selling single or album contents according to the utilization 
right contents, a profit amount and a profit ratio of a content provider indicates an amount of a profit that a content
provider 2 can obtain when the single contents and the album contents are purchased, and a profit ratio to the sales
price. A data size indicates data size of transmission information, and the transmission information consists of a point 
to be added to a user through a purchase of the utilization right set by the content provider 2, mileage information made 
up of a discount amount of the utilization right according to the point, and various kinds of information set by the content 
provider 2, if necessary. 

[0311] Here, in the handling policy of the album contents, a plurality of rules indicate a purchase form of the album.
In addition, in a handling policy of a plurality of single contents stored in the handling policy of the album contents, 
rules stored in the handling policy indicate a purchase form of the single contents in the album such as a form in which 
respective corresponding single contents can be independently purchased as a single tune out of the album, or a form 
in which respective corresponding single contents can be purchased as an album tune only (that is, can only be purchased
together with other single contents as an album).

[0312] Therefore, in a handling policy of album contents, it is defined such that either of album contents or single 
contents that can be sold as a single tune can be selected to be purchased in the manner in which the album contents
are purchased based on rules of the handling policy and the single contents are purchased as a single tune. 
[0313] In addition, in a handling policy of album contents, with the addition of a signature to the entire album contents,
tamper or the like can be checked for a handling policy of each single content as well together with the handling policy
of the album contents simply by verifying the signature without respectively verifying the handling policy of the single 
contents stored in the handling policy, hence, the verification of a signature can be thereby simplified. 
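The single verification described in [0313], with the signature coverage of [0310], as an added Python example that is not code from the patent. Field names and sample policies are constructed, and unpadded hash-then-sign RSA with a public demonstration key is an assumed stand-in for whatever signature algorithm the public key certificate names.

```python
import copy
import hashlib
import json

# Constructed demonstration key. Both primes are well-known Mersenne primes, so
# this key protects nothing; unpadded hash-then-sign RSA only stands in for the
# signature algorithm named in the public key certificate.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # secret exponent of the content provider


def hash_value(policy):
    """Hash of every field except the signature, in a canonical encoding."""
    covered = {k: v for k, v in policy.items() if k != "signature"}
    blob = json.dumps(covered, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def sign(policy):
    """Return a copy of the policy with the signature field filled in."""
    signed = {k: v for k, v in policy.items() if k != "signature"}
    signed["signature"] = pow(hash_value(signed), D, N)
    return signed


def verify(policy):
    """True only if the signature matches the policy's current contents."""
    signature = policy.get("signature")
    if not isinstance(signature, int) or not 0 <= signature < N:
        return False
    return pow(signature, E, N) == hash_value(policy)


def single_policy(content_id, min_price, album_only):
    """A signed handling policy for one single content (hypothetical fields)."""
    return sign({
        "data_type": "handling policy", "policy_type": "single",
        "content_id": content_id, "content_provider_id": "CP-2",
        "rules": [{"rule_number": 1, "min_sales_price": min_price,
                   "album_tune_only": album_only}],
        "public_key_certificate": "<certificate placeholder>",
    })


def album_policy(singles):
    """A signed album policy; its signature also covers the nested policies."""
    return sign({
        "data_type": "handling policy", "policy_type": "album",
        "album_id": "A-7", "content_provider_id": "CP-2",
        "single_policies": singles,
        "rules": [{"rule_number": 1, "min_sales_price": 900}],
        "public_key_certificate": "<certificate placeholder>",
    })


def check_each_single(album):
    """The per-policy alternative: one verification for every nested policy."""
    return [verify(single) for single in album["single_policies"]]


ALBUM = album_policy([single_policy("C-1", 100, False),
                      single_policy("C-2", 100, True)])


def tamper_nested_rule(album):
    """Flip the album-tune-only flag of the second single content."""
    altered = copy.deepcopy(album)
    altered["single_policies"][1]["rules"][0]["album_tune_only"] = False
    return altered


def swap_nested_policy(album):
    """Replace a nested policy with a different, validly signed single policy."""
    altered = copy.deepcopy(album)
    altered["single_policies"][1] = single_policy("C-9", 10, False)
    return altered


if __name__ == "__main__":
    for name, album in (("original", ALBUM),
                        ("nested rule altered", tamper_nested_rule(ALBUM)),
                        ("nested policy swapped", swap_nested_policy(ALBUM))):
        print(name, "album:", verify(album), "singles:", check_each_single(album))
```

In the swapped case every nested signature still verifies on its own, and only the album signature shows that the set of policies has changed.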
[0314] Incidentally, in a handling policy of single and album contents, presence or absence of a verification of a 
signature can be stored, if necessary, which indicates whether or not the verification of a signature is executed to the
contents. This is because the verification of a signature takes time, and, if information on presence or absence of the
verification of a signature with respect to a handling policy is stored, makes the verification of a signature of contents
to be executed or not to be executed according to the information.

[0315] In addition, in a handling policy of album contents, although it stores a handling policy of a plurality of single
contents forming the album, it may not store a handling policy of the plurality of single contents. 
[0316] Moreover, in a handling policy of single and album contents, since a profit amount and a profit ratio of a content
provider can be managed altogether by the electronic distribution service center 1, the handling policy can be formed 
excluding the profit amount and the profit ratio of the content provider. 

[0317] Figures 37 and 38 illustrate a data format of price information, and the price information is generated for each
handling policy of single contents to be given by a content provider 2 and for each handling policy of album contents
in a service provider 3, and indicates a price of the single contents and the album contents.

[0318] In the data of the handling policy for the single content (Figure 37), a type of the data, a type of the price 
information, an effective period of the price information, an ID of the contents, an ID of the service provider, an ID of 
the price information, a version of the price information, a regional code, usable apparatus conditions, usable user 
conditions, an ID of the content provider, an ID of the handling policy to which the price information is added, the number
of rules including the purchasable utilization right indicated by the price information, address information indicating the
storage position of the rules, the rules stored in the position indicated by the address information, the public key certificate
and signatures.

[0319] The rule is composed of a rule number given as a serial number for each utilization right, a profit amount of 
the service provider, a profit ratio of the service provider, a price, a data size, and transmission information. 

[0320] In addition, in the data of the handling policy for the single content (Figure 38), a type of the data, a type of
the price information, an effective period of the price information, an ID of the album, an ID of the service provider, an 
ID of the price information, a version of the price information, a regional code, usable apparatus conditions, usable 
user conditions, an ID of the content provider, an ID of the handling policy to which the price information is added, the 
number of pieces of price information of single contents forming the album, address information indicating a storage
position of the price information of the single contents, a data packet of the price information of the single contents
stored in the position indicated by the address information, the number of rules including the purchasable utilization 
right indicated by the price information, address information indicating the storage position of the rules, the rules stored 
in the position indicated by the address information, the public key certificate and signatures.
[0321] Similar to the rule of the price information for the single contents, the rule is composed of a rule number given
as a serial number for each utilization right, a profit amount of the service provider, a profit ratio of the service provider, 
a price, a data size, and transmission information. 

[0322] In the above-mentioned price information, a type of data indicates that the data is the data of price information, 
and a type of the price information indicates which of single or album contents the price information is. The effective
period of the price information indicates a usage period of the price information by a date on which the period expires,
or by the number of days from a date to be a basis when the use has started to a date when the period expires. An ID
of the contents and an ID of the album indicate the purchasable single contents or album contents indicated by the
price information, an ID of the service provider indicates the ID of the service provider 3 that has prepared the price
information.

[0323] In addition, an ID of the price information is for identifying the price information, and is used, for example, for 
identifying the price information in the case in which a plurality of pieces of price information are set for identical contents. 
A version of the price information indicates revision information of price information that is revised according to a use 
period. Therefore, the price information is managed by the ID of the price information and the version of the price 
information.

[0324] A regional code indicates a region where price information is usable by coding the region, and can assign a 
code indicating a specific region limiting regions where the price information is usable and a code that can make the 
price information usable in all the regions to the regional code. Usable apparatus conditions indicate conditions of an 
apparatus that can utilize the price information, and usable user conditions indicate conditions of a user who can utilize 
the price information. An ID of a content provider indicates an ID of a content provider 2 that has provided for a handling
policy to which the price information is added. An ID of the handling policy is for identifying the handling policy to which 
the price information is added. 

[0325] Moreover, a signature is affixed to the entirety ranging from a type of data to a public key certificate excluding 
the signature from price information. An algorithm and a parameter used in preparing the signature and a key to be
used for verification of the signature are included in the public key certificate.

[0326] In addition, in rules, a rule number uses a rule number of a rule indicated by a corresponding handling policy
as it is. A profit amount and a profit ratio of a service provider indicates an amount of profit that a service provider 3
can obtain when single contents and album contents are purchased and a profit ratio to a price, and the price indicates
a sales price of the single contents and the album contents that are set by the service provider 3 based on utilization
right contents and a corresponding minimum sales price. A data size indicates data size of transmission information,
and the transmission information consists of a point to be added to a user through a purchase of the utilization right 
set by the service provider 3, mileage information made up of a discount amount of the utilization right according to 
the point, and various kinds of information set by the service provider 3, if necessary. 

[0327] Here, when generating price information, the service provider 3 can set all the purchasable utilization rights
indicated by a corresponding handling policy as purchasable rights indicated by the price information, and at the
same time, can set a utilization right arbitrarily selected out of all the purchasable utilization rights indicated by the
handling policy; thus, the service provider 3 can select a utilization right provided for by the content provider 2.

[0328] In addition, in price information of album contents, a plurality of rules provide for a sales price corresponding
to a purchase form of an album. Further, in price information of a plurality of single contents stored in the price
information of the album contents, rules of price information of single contents that can be sold as a single tune provide
for a sales price of single contents that can be sold as the single tune.

[0329] Therefore, in price information of album contents, the price information is made such that a sales price of an 
album and a sales price of single contents that can be sold as a single tune can be recognized by one piece of the 
price information. 

[0330] In addition, in price information of album contents, with the addition of a signature to the entire album contents,
tampering or the like can be checked for price information of each single content as well, together with the price
information of the album contents, simply by verifying the signature, without respectively verifying the signature of
price information of the single contents stored in the price information; hence, the verification of a signature can be
simplified.

[0331] Incidentally, in price information of a single and an album, presence or absence of a verification of a signature
with respect to contents as in the above-mentioned handling policy concerning Figures 33 and 34. In addition, in
price information of album contents, although it stores price information of a plurality of single contents forming the
album, it may not store price information of the plurality of single contents.

[0332] Moreover, in price information of single and album contents, since a profit amount and a profit ratio of a service 
provider can be managed altogether by the electronic distribution service center 1, the price information may be formed
excluding the profit amount and the profit ratio of the service provider.

[0333] Figure 41 illustrates a data format of license conditions information, and the license conditions information is 
prepared, when a user purchases contents, based on a handling policy of the purchased contents in an apparatus in 
the user home network 5, and indicates utilization right contents selected by the user among utilization right contents 
indicated by the handling policy.

[0334] In data of license conditions information, a type of data, a type of license conditions information, an effective 
period of the license conditions information, an ID of contents, an ID of an album, an ID of an encryption processing 
section, an ID of a user, an ID of a content provider, an ID of a handling policy, a version of the handling policy, an ID of
a service provider, an ID of price information, a version of price information, an ID of license conditions information, a
rule number attached to a reproduction right (utilization right) as a serial number, a utilization right content number, a
remaining number of times of reproduction, an effective period of the reproduction right, a rule number attached to a
copying right (utilization right) as a serial number, a utilization right content number, a remaining number of times of 
copying, generation management information, and an ID of an encryption section having a reproduction right are stored. 

[0335] In license conditions information, a type of data indicates that the data is data of the license conditions
information, and a type of license conditions information indicates whether the license conditions information is license
conditions information of single contents or album contents. An effective period of license conditions information
indicates a usage period of the license conditions information by a date on which the period expires, or by the number
of days from a date to be a basis of starting use until the date on which the period expires.

[0336] An ID indicating purchased single contents is described in an ID of contents, and an ID indicating an album
is described in an ID of an album only when the album is purchased. In fact, if contents are purchased as a single, the 
ID indicating the purchased single contents is described in an ID of the contents, and if contents are purchased as an 
album, IDs of all the single contents forming the album are described in the ID of contents and an ID indicating the 
purchased album is described in the ID of an album. Therefore, just looking at the ID of an album, whether purchased
contents are a single or an album can be easily determined.

[0337] An ID of an encryption processing section indicates an encryption processing section of an apparatus in the 
user home network 5 that performed purchase processing of contents. When an apparatus in the user home network 
5 that purchased contents is shared by a plurality of users, an ID of a user indicates a plurality of users sharing an 
apparatus. 

[0338] In addition, an ID of a content provider indicates an ID of a content provider 2 that has provided for a handling
policy used for preparing license conditions information, and an ID of a handling policy indicates a handling policy used
for preparing the license conditions information. A version of a handling policy indicates revision information of a
handling policy used for preparing license conditions information. An ID of a service provider indicates an ID of a service
provider 3 that has prepared price information used for preparing license conditions information, and an ID of price
information indicates price information used for preparing the license conditions information. A version of price
information indicates revision information of a handling policy used for preparing license conditions information. Therefore,
a content provider 2 or a service provider 3 that has provided contents purchased by a user can be found by the ID of
a content provider, the ID of a handling policy, the version of a handling policy, the ID of a service provider, the ID of
price information and the version of price information.

[0339] An ID of license conditions information is attached by an encryption processing section of an apparatus in a
user home network 5 that has purchased contents, and is used for identifying the license conditions information. A rule 
number of a reproduction right indicates a serial number attached to a reproduction right among a utilization right and 
uses a rule number of a rule indicated by a corresponding handling policy or price information as it is. Utilization right 
contents indicate contents of a reproduction right to be described later. A remaining number of times of reproduction
indicates a remaining number of times of reproduction among a number of times of reproduction set in advance to
contents, and an effective period of a reproduction right indicates a corresponding reproduction available period of 
purchased contents by a date and time when the period expires. 

[0340] In addition, a rule number of a copying right indicates a serial number attached to a copying right among a 
utilization right, and uses a rule number of a rule indicated by a corresponding handling policy and price information 
as it is. Utilization right contents indicate contents of a copying right to be described later. A remaining number of times
of copying indicates a remaining number of times of copying among a number of times of copying set in advance to
purchased contents.

[0341] Moreover, generation management information indicates, when contents are re-purchased, a remaining 
number of times the contents can be re-purchased. An ID of an encryption processing section having a reproduction 
right indicates an encryption processing section having a reproduction right at the current time, and when management
is shifted, an ID of an encryption processing section having a reproduction right is changed. 

[0342] Incidentally, in license conditions information, an effective period may be provided for with respect to a copying 
right, and when the effective period is provided for, a period for purchased contents in which copying is available is 
indicated by a date and time when the period expires, or the like. 

[0343] Figure 42 indicates charge information, and the charge information is generated, when contents are purchased,
by an apparatus in the user home network 5 based on a handling policy and price information corresponding
to the contents. 

[0344] In data of charge information, a type of data, an ID of an encryption processing section, an ID of a user, an
ID of contents, an ID of a content provider, an ID of a handling policy, a version of a handling policy, an ID of a service
provider, an ID of price information, a version of price information, an ID of license conditions information, a rule number,
a profit amount and a profit ratio of a content provider 2, a profit amount and a profit ratio of a service provider, generation
management information, a data size of transmission information set by a content provider, the transmission information
set by the content provider, a data size of transmission information set by a service provider, transmission information
set by the service provider, and an ID of a supplier are stored.

[0345] In charge information, a type of data indicates that the data is charge information, and an ID of an encryption
processing section indicates the encryption processing section of the apparatus that has executed purchase processing
of contents and generated the charge information. When a plurality of users share an apparatus in a user home network 5
that has purchased the contents, an ID of a user indicates the plurality of users who share the apparatus, and an ID of
contents indicates the purchased contents (single contents and album contents).

[0346] In addition, an ID of a content provider indicates an ID of a content provider 2 that has provided for a handling
policy used for a purchase processing (an ID of a content provider included in the handling policy), and an ID of a
handling policy indicates a handling policy used for the purchase processing. A version of a handling policy indicates
revision information of a handling policy used for purchase processing. An ID of a service provider indicates an ID of
a service provider 3 that has prepared price information used for purchase processing (an ID of a service provider
included in the price information), and an ID of price information indicates price information used for the purchase
processing. A version of price information indicates revision information of price information used for purchase
processing.

[0347] An ID of license conditions information indicates an ID of license conditions information that has been prepared
upon purchase processing, and a rule number indicates a rule number attached to a purchased utilization right as a
serial number. A profit amount and a profit ratio of a content provider indicate an amount of dividend that is distributed
to a content provider 2 through purchase of contents and its ratio to sales, and a profit amount and a profit ratio of a
service provider indicate an amount of dividend that is distributed to a service provider 3 through purchase of contents
and its ratio to sales.

[0348] Moreover, generation management information indicates a generation of purchased contents. In addition, a 
data size indicating a handling policy used for purchase processing and transmission information are stored as they 
are in a data size of transmission information set by a content provider and the transmission information set by the 
content provider, and a data size indicating price information used for purchase processing and transmission information
are stored as they are in a data size of transmission information set by a service provider and the transmission
information set by the service provider. An ID of a supplier indicates an apparatus of a supplier that has applied purchase 
processing, and the ID is accumulated every time re-purchase of contents is conducted. 

[0349] Incidentally, in charge information, since a profit amount and a profit ratio of a content provider and a profit 
amount and a profit ratio of a service provider may be managed altogether by the electronic distribution service center
1, the charge information may be formed excluding the profit amount and the profit ratio of the content provider as
shown in Figure 43.

[0350] Figure 44 shows contents of a purchasable utilization right, and as the utilization right, there are roughly a 
reproduction right, a copying right, a right content changing right, a re-purchase right, an additional purchase right, and 
a management transfer right.

[0351] The reproduction right includes an unlimited reproduction right that does not have limitations on a period or
the number of times of reproduction, a reproduction right with a period limitation that limits a reproduction period, a
reproduction right with a cumulating time limitation that limits cumulating time of reproduction, and a reproduction right
with a number of times limitation that limits the number of times of reproduction. The copying right includes an unlimited
copying right without a period limitation, a number of times limitation and copy management information (e.g., the serial
copy management system: SCMS), a copying right with a number of times limitation and without copy management
information that limits the number of times of copying but does not have copy management information, a copying right
with copy management information that does not have a period limitation and a number of times limitation but adds and
provides copy management information, and a copying right with a number of times limitation and copy management
information that limits the number of times of copying, and adds and provides copy management information. Incidentally,
in addition to the above, as a copying right, there are a copying right with a period limitation that limits a copy available
period (including the one that adds copy management information and the one that does not add the copy management
information), and a copying right with a cumulating time limitation that limits a cumulating time of copying (i.e., a
cumulating time required for reproduction of copied contents) (including the one that adds copy management
information and the one that does not add the copy management information), and the like.

[0352] In addition, the right contents changing right is a right for changing contents of a right already purchased to
other contents, and the re-purchase right is a right for separately purchasing a utilization right based on a right
purchased by other apparatuses as described above. The additional purchase right is a right for purchasing and adding
to independently purchased contents other contents of an album including the contents, and the management transfer
right is a right for transferring a purchased right to change an owner.

[0353] A specific example of utilization right contents shown in Figure 33, etc. will now be described. In fact, as
shown in Figure 45A, as data of the unlimited reproduction right, information on an effective period of a reproduction
right that indicates an effective period of a reproduction right by a date on which the period expires, or the number of
days from a date to be a basis of starting an effective period until a date on which the period expires, or the like is
stored in a region of utilization right contents. As shown in Figure 45B, as data of the reproduction right with a period 
limitation, information on an effective period of the reproduction right that indicates an effective period of a reproduction 
right by a date on which the period expires, or the number of days from a date to be a basis of starting an effective 
period until a date on which the period expires, or the like is stored in a region of utilization right contents. 

[0354] As shown in Figure 45C, as data of the reproduction right with a cumulating time limitation, information on an
effective period of the reproduction right that indicates an effective period of a reproduction right by a date on which
the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which
the period expires, or the like, and information on the number of days and time indicating a limitation of accumulating
time contents can be reproduced are stored in a region of utilization right contents. As shown in Figure 45D, as data
of the reproduction right with a number of times limitation, information on an effective period of the reproduction right
that indicates an effective period of a reproduction right by a date on which the period expires, or the number of days
from a date to be a basis of starting an effective period until a date on which the period expires, or the like, and
information on the number of times of reproduction indicating the number of times contents can be reproduced are
stored in a region of utilization right contents.

[0355] In addition, as shown in Figure 45E, as data of the unlimited copying right without copy management
information, information on an effective period of the copying right that indicates an effective period of a copying right by a
date on which the period expires, or the number of days from a date to be a basis of starting an effective period until
a date on which the period expires, or the like is stored in a region of utilization right contents. As shown in Figure 45F,
as data of the copying right with a number of times limitation and without copy management information, information
on an effective period of the copying right that indicates an effective period of a copying right by a date on which the
period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the
period expires, or the like, and information on the number of times of copying that indicates the number of times contents
can be copied are stored in a region of utilization right contents.

[0356] In addition, as shown in Figure 45G, as data of the copying right with copy management information,
information on an effective period of the copying right that indicates an effective period of a copying right by a date on which
the period expires, or the number of days from a date to be a basis of starting an effective period until a date on which
the period expires, or the like is stored in a region of utilization right contents. As shown in Figure 45H, as data of the
copying right with a number of times limitation and copy management information, information on an effective period
of the copying right that indicates an effective period of a copying right by a date on which the period expires, or the
number of days from a date to be a basis of starting an effective period until a date on which the period expires, or the
like, and information on the number of times of copying that indicates the number of times contents can be copied are
stored in a region of utilization right contents.

[0357] Moreover, as shown in Figure 45I, as data of the right contents changing right, information on an effective
period of the right contents changing right that indicates an effective period of a right content changing right by a date
on which the period expires, or the number of days from a date to be a basis of starting an effective period until a date
on which the period expires, or the like, an old rule number for retrieving utilization right contents before change, and
a new rule number for retrieving utilization right contents after change are stored in a region of utilization right contents.
Incidentally, as utilization right contents, a plurality of kinds of contents exist for each utilization right content; for
example, within the one reproduction right with a period limitation, a plurality of kinds of reproduction right with a period
limitation exist depending on the period that is set. Therefore, since it is difficult to manage utilization right contents
only by a utilization right contents number, in the right contents changing right, utilization right contents are managed
by a rule number attached for each of a plurality of contents for each of these utilization right contents.

[0358] As shown in Figure 45J, as data of the repurchase right, information on an effective period of the repurchase 
right that indicates an effective period of a repurchase right by a date on which the period expires, or the number of 
days from a date to be a basis of starting an effective period until a date on which the period expires, or the like, an
old rule number for retrieving utilization right contents before repurchase, and a new rule number for retrieving utilization 
right contents after repurchase, and maximum distribution generation information that indicates the maximum number 
of times contents can be repurchased are stored in a region of utilization right contents. 

[0359] As shown in Figure 45K, as data of the additional purchase right, information on an effective period of the 
additional purchase right that indicates an effective period of an additional purchase right by a date on which the period
expires, or the number of days from a date to be a basis of starting an effective period until a date on which the period 
expires, or the like, and a minimum holding contents number and a maximum holding contents number indicating single 
contents already purchased among a plurality of single contents forming album contents are stored in a region of 
utilization right contents.

[0360] As shown in Figure 45L, as data of the management transfer right, information on an effective period of the 
management transfer right that indicates an effective period of a management transfer right by a date on which the 
period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the
period expires, or the like is stored in a region of utilization right contents.

[0361] Incidentally, as such utilization right contents, for example, when data of a game is divided into a plurality of 
contents, a contents purchase right for purchasing the contents in accordance with a predetermined order may be 
provided for. Further, as shown in Figure 45M, as data of the contents purchase right, information on an effective period 
of the contents purchase right that indicates an effective period of a contents purchase right by a date on which the
period expires, or the number of days from a date to be a basis of starting an effective period until a date on which the
period expires, or the like, an ID of contents already purchased, an old rule number for retrieving utilization right contents
already purchased, and a new rule number for retrieving utilization right contents to be purchased anew are stored in 
a region of utilization right contents. In this way, a game program having a series of stories is made to be purchased, 
and contents (game) themselves can be upgraded. 

[0362] Figure 46 shows a data format of single contents, and in data of the single contents, a type of data, a type of
contents, an effective period of contents, a category of contents, an ID of contents, an ID of a content provider, an
encryption method of contents, a data length of encrypted contents, the encrypted contents, a public key certificate
and a signature are stored.

[0363] In the single contents, the type of data indicates that the data is data of the contents, and the type of contents
indicates that the contents are a single. The effective period of contents indicates a distribution period of the contents
by a date on which the period expires, the number of days from a date to be a basis when distribution is started until
the period expires, or the like. The category of contents indicates whether the contents are music data, program data,
video data, or the like, and the ID of contents is for identifying the single contents.

[0364] The ID of a content provider indicates an ID of a content provider 2 having the single contents. The encryption 
method of contents indicates an encryption method used for encryption of the contents (e.g., DES). The signature is
attached to the entirety from the type of data to the public key certificate excluding the signature from data of the single 
contents. An algorithm and a parameter used in preparing the signature as well as a key to be used for verification of 
the signature are included in the public key certificate. 

[0365] In addition, Figure 47 indicates a data format of album contents, and in data of the album contents, a type of
data, a type of contents, an effective period of contents, an ID of an album, an ID of a content provider, the number of
single contents, address information of single contents, single contents, a public key certificate and a signature are
stored.

[0366] In the album contents, the type of data indicates that the data is data of the contents, and the type of contents
indicates that the contents are an album. The effective period of contents indicates a distribution period of the contents
by a date on which the period expires, the number of days from a date to be a basis when distribution is started until
the period expires, or the like, and the ID of an album is for identifying the album contents.

[0367] The ID of a content provider indicates an ID of a content provider 2 having the album contents. The number
of single contents indicates the number of single contents forming an album, the address information indicates a storage
position of single contents forming the album, and the single contents are a data packet of a plurality of single contents
forming the album that are actually stored in a position indicated by the address information. In addition, the signature
is attached to the entirety from the type of data to the public key certificate excluding the signature from data of the
single contents. An algorithm and a parameter used in preparing the signature as well as a key to be used for verification
of the signature are included in the public key certificate.

[0368] In addition, in album contents, with the addition of a signature to the entire album contents, tampering or the like
can be checked for each single content as well, together with the album contents, simply by verifying the signature,
without respectively verifying the single contents stored in the album contents; hence, the verification of a signature
can be simplified.

[0369] Figure 48 shows a data format of a key for single contents, and in key data for the single contents, a type of
data, a type of key data, an effective period of a key, an ID of contents, an ID of a content provider, a version of a key,
an encryption method of a content key K_co, an encrypted content key K_co, an encryption method of an individual key
K_i, an encrypted individual key K_i, a public key certificate and a signature are stored.

[0370] In the key data for single contents, the type of data indicates that the data is data of a key, and the type of key data
indicates that the key data is for single contents. The effective period of a key indicates a usage period of a key (a content
key and an individual key) shown in the key data by a date on which the period expires, the number of days
from a date to be a basis when use is started until the period expires, or the like, and the ID of contents indicates single
contents to be encrypted by the content key K_co. The ID of a content provider indicates an ID of a content provider 2
that holds contents and has generated the content key K_co.

[0371] The version of a key indicates revision information of a key (a content key K_co and an individual key K_i) that






EP 1 128 598 A1 



has been revised according to a usage period. The encryption method of a content key indicates an encryption
method (e.g., DES) used for encryption of the content key using an individual key K_i, and the encrypted content
key indicates a content key that has been encrypted using the individual key K_i by the encryption method. The
encryption method of an individual key K_i indicates an encryption method (e.g., Triple-DES-CBC) for encrypting an
individual key K_i using a delivery key K_d, and the encrypted individual key K_i indicates an individual key K_i that has
been encrypted using a delivery key by the encryption method. The signature is attached to the entirety from the
type of data to the public key certificate excluding the signature from data of the single contents. An algorithm and a
parameter used in preparing the signature as well as a key to be used for verification of the signature are included in
the public key certificate.

[0372] Here, the delivery key K_d and the individual key K_i are delivered from a content provider 2, always united by
key data for single contents. Then, in the key data for single contents, one signature is added to the entire data.
Therefore, in an apparatus having received the key data for single contents, it is not necessary to separately verify
signatures with respect to an encrypted content key and an encrypted individual key K_i; the signatures are deemed to be
verified with respect to the encrypted content key and the encrypted individual key K_i simply by verifying one
signature of the key data for single contents; hence, the verification of a signature with respect to the encrypted content
key and the encrypted individual key K_i can be simplified.

[0373] Incidentally, an individual key K_i is encrypted with an ID of a content provider that encrypts a content key
using the individual key K_i. A method for encrypting an individual key K_i together with an ID of a content provider by
an encryption method called the CBC mode of triple DES will be described with reference to Figure 49. That is, with such
an encryption method, after connecting a predetermined initial value and an individual key K_i (64 bits), the individual
key K_i is encrypted by the CBC mode of triple DES, and after connecting a first value of the
resulting 64 bits with an ID (64 bits) of a content provider, the individual key K_i is encrypted by the CBC mode of
triple DES using the delivery key K_d again, thereby obtaining a second value of 64 bits. In such
an encryption method, data of 16 bytes connecting the first value and the second value becomes the encrypted individual
key K_i that is stored in key data for single contents (in this case, the first value corresponds to the first 64-bit data of the
encrypted individual key K_i to be stored in the key data for single contents, and the second value becomes the 64-bit data
following the first value in the encrypted individual key K_i to be stored in the key data for single contents).
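
The two-block chaining of paragraph [0373] can be reproduced with a standard Triple-DES-CBC primitive. The Go program below is an added illustration, not code from the patent: it assumes that "connecting" is the XOR of ordinary CBC chaining and that K_d is a 24-byte key, and every key, initial value and ID in it is a constructed sample.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/subtle"
	"errors"
	"fmt"
)

const blk = des.BlockSize // 8 bytes = 64 bits

// ErrProviderID is returned when the decrypted second block is not the expected ID.
var ErrProviderID = errors.New("provider ID recovered from wrapped key does not match")

// newTDES checks the 64-bit field sizes and builds Triple DES keyed with K_d.
func newTDES(kd, iv []byte, fields ...[]byte) (cipher.Block, error) {
	if len(iv) != blk {
		return nil, errors.New("initial value must be 64 bits")
	}
	for _, f := range fields {
		if len(f) != blk {
			return nil, errors.New("K_i and provider ID must be 64 bits each")
		}
	}
	return des.NewTripleDESCipher(kd) // assumption: 24-byte (three-key) K_d
}

// WrapStepwise follows the text literally: first value = E(IV xor K_i),
// second value = E(first value xor provider ID); the output is both values.
func WrapStepwise(kd, iv, ki, providerID []byte) ([]byte, error) {
	c, err := newTDES(kd, iv, ki, providerID)
	if err != nil {
		return nil, err
	}
	out, x := make([]byte, 2*blk), make([]byte, blk)
	for i := range x {
		x[i] = iv[i] ^ ki[i]
	}
	c.Encrypt(out[:blk], x)
	for i := range x {
		x[i] = out[i] ^ providerID[i]
	}
	c.Encrypt(out[blk:], x)
	return out, nil
}

// WrapIndividualKey produces the same 16-byte field with the library CBC
// mode applied to the two-block plaintext K_i || provider ID.
func WrapIndividualKey(kd, iv, ki, providerID []byte) ([]byte, error) {
	c, err := newTDES(kd, iv, ki, providerID)
	if err != nil {
		return nil, err
	}
	plain := append(append(make([]byte, 0, 2*blk), ki...), providerID...)
	out := make([]byte, 2*blk)
	cipher.NewCBCEncrypter(c, iv).CryptBlocks(out, plain)
	return out, nil
}

// UnwrapIndividualKey decrypts the field and releases K_i only when the
// recovered second block equals the provider ID the receiver expects.
func UnwrapIndividualKey(kd, iv, wrapped, expectedID []byte) ([]byte, error) {
	c, err := newTDES(kd, iv, expectedID)
	if err != nil {
		return nil, err
	}
	if len(wrapped) != 2*blk {
		return nil, errors.New("encrypted individual key must be 16 bytes")
	}
	plain := make([]byte, 2*blk)
	cipher.NewCBCDecrypter(c, iv).CryptBlocks(plain, wrapped)
	if subtle.ConstantTimeCompare(plain[blk:], expectedID) != 1 {
		return nil, ErrProviderID
	}
	return plain[:blk], nil
}

func main() {
	// Constructed sample values, not taken from the patent.
	kd := []byte("0123456789abcdefghijklmn") // delivery key K_d (24 bytes)
	iv := make([]byte, blk)                  // predetermined initial value
	ki := []byte("KI-64bit")                 // individual key K_i
	id := []byte("PROV0002")                 // content provider ID

	wrapped, err := WrapIndividualKey(kd, iv, ki, id)
	if err != nil {
		panic(err)
	}
	fmt.Printf("encrypted individual key: %x\n", wrapped)

	wrapped[3] ^= 0x10 // simulate a modified first block
	_, err = UnwrapIndividualKey(kd, iv, wrapped, id)
	fmt.Println("after tampering:", err)
}
```

Because the provider ID is the second plaintext block, a change to either ciphertext block alters the ID recovered on decryption, so the receiver's ID comparison rejects the field before K_i is used.
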
[0374] In addition, Figure 50 shows key data for album contents, and in the key data for album contents, a type of
data, a type of key data, an effective period of a key, an ID of an album, an ID of a content provider, a version of a key,
the number of key data for single contents to be used for encrypting single contents forming an album, address
information indicating a storage position of the key data, a key data packet stored in a position indicated by the address
information, a public key certificate and a signature are stored.

[0375] In the key data for album contents, the type of data indicates that the data is data of a key, and the type of key data indicates that the key data is for album contents. The effective period of a key indicates a usage period of a key (a content key K_co) shown in the key data by a date on which the period expires, the number of days from a date to be a basis when use is started until the period expires, or the like, and the ID of an album indicates album contents consisting of single contents to be encrypted by the content key K_co. The ID of a content provider indicates an ID of a content provider 2 that encrypts album contents.

[0376] The version of a key indicates revision information of a key (a content key K_co) revised according to a usage period. The signature is attached to the entirety from the type of data to the public key certificate excluding the signature from data of the single contents. An algorithm and a parameter used in preparing the signature as well as a key to be used for verification of the signature are included in the public key certificate.

[0377] In addition, in key data for album contents, with the addition of a signature to the entire album contents, tampering or the like can be checked for key data of each single content as well, together with key data of the album contents, simply by verifying the signature, without respectively verifying key data for a plurality of single contents stored in key data for the album contents; hence, the verification of a signature can thereby be simplified.

[0378] Figure 51 illustrates operations of mutual authentication between an encryption processing section 65 and an extension section 66 using one common key with DES, which is a common key encryption. In Figure 51, given that A is the extension section 66 and B is the encryption processing section 65, the encryption processing section 65 generates a random number R_B of 64 bits, and transmits R_B and ID_B, which is its own ID, to the extension section 66 via an upper controller 62. The extension section 66 having received the transmission newly generates a random number R_A, encrypts R_A, R_B and ID_B using a key K_AB in a CBC mode of DES, and returns them to the encryption processing section 65 via the upper controller 62.

[0379] The CBC mode of DES is a method for applying exclusive OR to the immediately preceding output and the input and encrypting the result when conducting encryption. In this example,

X = DES(K_AB, R_A + IV)    (IV = initial value, +: exclusive OR)
Y = DES(K_AB, R_B + X)
Z = DES(K_AB, ID_B + Y)

and the outputs are X, Y and Z. In these equations, DES(K_AB, R_A + IV) represents encrypting data R_A + IV with DES using a key K_AB, Y = DES(K_AB, R_B + X) represents encrypting data R_B + X with DES using the key K_AB, and Z = DES(K_AB, ID_B + Y) represents encrypting data ID_B + Y with DES using the key K_AB.

[0380] The encryption processing section 65 having received the data decrypts the received data with the key K_AB, and inspects whether R_B and ID_B match the transmitted data. When the data passes the inspection, the extension section 66 is authenticated as a legal one. Subsequently, a session key SK_AB (i.e., a temporary key K_temp, which is generated by a random number) is generated, and R_B, R_A and SK_AB are encrypted using the key K_AB in a CBC mode of DES and transmitted to the extension section 66 via the upper controller 62. The extension section 66 having received the transmission decrypts the received data with the key K_AB, and inspects whether R_B and R_A match the ones transmitted by the extension section 66. When the data passes the inspection, the encryption processing section 65 is authenticated as a legal one, and the data SK_AB is used for subsequent communications as a session key. Further, in examining the received data, if illegality or mismatching is found, mutual authentication is deemed failed and the processing is terminated.
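
The Figure 51 exchange of [0378] to [0380], written out for both sides as an added example (not code from the patent). Assumptions: an 8-round Feistel construction built on SHA-256 stands in for DES, since only the CBC chaining and the match checks are being illustrated; the all-zero IV, the ID_B value and all class and function names are constructed for the example.

```python
import hashlib
import hmac
import secrets

BLOCK = 8            # 64-bit block, as in DES
IV = bytes(BLOCK)    # constructed value; the page only says "initial value"


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def f(key, i, half):
    # Round function of the stand-in cipher (keyed SHA-256 cut to 32 bits).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def enc_block(key, block):
    """Stand-in for DES(K, block): an 8-round Feistel network, NOT real DES."""
    left, right = block[:4], block[4:]
    for i in range(8):
        left, right = right, xor(left, f(key, i, right))
    return left + right


def dec_block(key, block):
    left, right = block[:4], block[4:]
    for i in reversed(range(8)):
        left, right = xor(right, f(key, i, left)), left
    return left + right


def cbc_encrypt(key, blocks):
    # Each input block is XORed with the previous output before encryption.
    out, prev = [], IV
    for b in blocks:
        prev = enc_block(key, xor(b, prev))
        out.append(prev)
    return out


def cbc_decrypt(key, blocks):
    out, prev = [], IV
    for c in blocks:
        out.append(xor(dec_block(key, c), prev))
        prev = c
    return out


class ExtensionSection:                      # "A" in Figure 51
    def __init__(self, k_ab):
        self.k_ab = k_ab

    def respond(self, r_b, id_b):
        self.r_a, self.r_b = secrets.token_bytes(BLOCK), r_b
        return cbc_encrypt(self.k_ab, [self.r_a, r_b, id_b])     # X, Y, Z

    def finish(self, msg):
        r_b, r_a, sk_ab = cbc_decrypt(self.k_ab, msg)
        if not (hmac.compare_digest(r_b, self.r_b)
                and hmac.compare_digest(r_a, self.r_a)):
            raise ValueError("A: R_B/R_A mismatch, authentication failed")
        return sk_ab


class EncryptionSection:                     # "B" in Figure 51
    def __init__(self, k_ab, id_b):
        self.k_ab, self.id_b = k_ab, id_b

    def challenge(self):
        self.r_b = secrets.token_bytes(BLOCK)
        return self.r_b, self.id_b

    def verify_and_reply(self, xyz):
        r_a, r_b, id_b = cbc_decrypt(self.k_ab, xyz)
        if not (hmac.compare_digest(r_b, self.r_b)
                and hmac.compare_digest(id_b, self.id_b)):
            raise ValueError("B: R_B/ID_B mismatch, authentication failed")
        self.sk_ab = secrets.token_bytes(BLOCK)                  # session key SK_AB
        return cbc_encrypt(self.k_ab, [self.r_b, r_a, self.sk_ab])


def handshake(key_a, key_b, tamper=None):
    """Run the exchange; returns (SK_AB seen by A, SK_AB seen by B)."""
    a = ExtensionSection(key_a)
    b = EncryptionSection(key_b, b"SECT0065")    # constructed 64-bit ID_B
    xyz = a.respond(*b.challenge())
    if tamper:
        xyz = tamper(xyz)
    return a.finish(b.verify_and_reply(xyz)), b.sk_ab
```

Because of the chaining, a change to any one of X, Y or Z alters the decrypted R_B or ID_B, so the inspection on side B fails and the exchange stops there.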
[0381] Figure 52 illustrates operations of mutual authentication between a mutual authentication module 95 in an encryption processing section 65 of a home server 51 and a mutual authentication module (not shown) in an encryption processing section 73 of a fixed apparatus 52 using elliptic curve encryption of 160 bit length, which is a public key encryption. In Figure 52, given that A is the encryption processing section 73 and B is the encryption processing section 65, the encryption processing section 65 generates a random number R_B of 64 bits, and transmits it to the fixed apparatus 52 via an upper controller 62 and a transmission section 61. The fixed apparatus 52 having received the random number newly generates a random number R_A of 64 bits and a random number A_K smaller than a sample number p in the encryption processing section 73. Then, the fixed apparatus 52 finds a point A_V that is a base point G multiplied by A_K, connects R_A, R_B and A_V (X coordinates and Y coordinates) (64 bits + 64 bits + 160 bits + 160 bits = 448 bits), and generates signature data A.Sig with a secret key held by itself with respect to the data. Further, since scalar multiplication of a base point is the same as the method described in the generation of a signature of Figure 10, its description is omitted. Connection of data means that, for example, when data A of 16 bits and data B of 16 bits are connected, the result is data of 32 bits whose upper 16 bits are A and whose lower 16 bits are B. Since generation of a signature is the same as the method described in the generation of a signature of Figure 10, its description is omitted.

[0382] Then, the encryption processing section 73 transfers R_A, R_B and A_V as well as the signature data A.Sig to the upper controller 72, and the upper controller 72 adds a public key certificate for the fixed apparatus 52 (stored in a small storage section 75), and transmits them to the home server 51 via a communication section 71. Since the public key certificate is illustrated in Figure 32, its detailed description is omitted. The home server 51 having received this verifies the signature of the public key certificate of the fixed apparatus 52 in the encryption processing section 65. Since the verification of the signature is the same as the method described in the verification of the signature of Figure 11, its description is omitted. Then, the encryption processing section 73 inspects whether the random number R_B among the transmitted data is identical with the one transmitted by the encryption processing section 65, and if it is identical, verifies the signature data A.Sig. When the verification is successful, the encryption processing section 65 authenticates the encryption processing section 73. Further, since the verification of the signature is the same as the method described in the verification of the signature of Figure 11, its description is omitted. Then, the encryption processing section 65 generates a random number B_K smaller than the sample number p, finds a point B_V that is the base point G multiplied by B_K, connects R_B, R_A and B_V (X coordinates and Y coordinates), and generates signature data B.Sig with a secret key held by itself with respect to the data. Finally, the encryption processing section 65 transfers R_B, R_A and B_V as well as the signature data B.Sig to the upper controller 62, and the upper controller 62 adds a public key certificate for the home server 51 (stored in a mass storage section 68) and transmits them to the fixed apparatus 52 via the communication section 61.

[0383] The fixed apparatus 52 having received this verifies the signature of the public key certificate of the home server 51 in the encryption processing section 73. Then, the fixed apparatus 52 inspects whether the random number R_A among the transmitted data is identical with the one transmitted by the encryption processing section 73, and if it is identical, verifies the signature data B.Sig. When the verification is successful, the encryption processing section 73 authenticates the encryption processing section 65.

[0384] When both verifications are successful, the encryption processing section 65 calculates B_K A_V (although B_K is a random number, since A_V is a point on an elliptic curve, scalar multiplication of a point on an elliptic curve is necessary), the encryption processing section 73 calculates A_K B_V, and the lower 64 bits of the X coordinates of these points are used for subsequent communications as a session key (a temporary key K_temp) (if the common key encryption is a common key encryption of 64 bit key length). Incidentally, the session key to be used for communication is not limited to the lower 64 bits of the X coordinates, but the lower 64 bits of the Y coordinates may be used. Further, in secret communication after mutual authentication, data is not only encrypted with the temporary key K_temp, but also a signature may be added to the encrypted transmission data.
[0385] In verifying a signature and received data, if illegality or mismatching is found, mutual authentication is deemed failed and the processing is terminated.

[0386] Figure 53 illustrates operations when a settlement available apparatus in the user home network 5 transmits charge information to the electronic distribution service center 1. The settlement available apparatus in the user home network 5 retrieves an object apparatus that it should settle on behalf of the network from registration information, conducts mutual authentication, and has the charge information encrypted with the shared temporary key K_temp (which is different for each mutual authentication) and sent (a signature is attached to the data at that time). After finishing processing for all the apparatuses, the settlement available apparatus mutually authenticates with the electronic distribution service center 1, encrypts all the charge information with the shared temporary key, attaches signature data to these, and transmits them to the electronic distribution service center 1 together with a handling policy and price information, if necessary. Further, since an ID of a handling policy, an ID of price information and the like that are necessary for distribution of an amount are included in the charge information to be transmitted to the electronic service center 1 from the user home network 5, a handling policy or price information with a large information amount is not necessarily transmitted. The user management section 18 receives this. The user management section 18 verifies signature data with respect to the received charge information, registration information, handling policy and price information. Since the verification of a signature is the same as the method described in Figure 11, details are omitted. Then, the user management section 18 decrypts the charge information with the temporary key K_temp that is shared for mutual authentication, and transmits the charge information to the history data management section 15 together with the handling policy and the price information.

[0387] Incidentally, in this embodiment, data to be transmitted after mutual authentication is encrypted with the temporary key K_temp, if necessary. For example, since data is illegally utilized if the contents of a content key and a handling key are seen, it is necessary to encrypt them with the temporary key K_temp and make them invisible from outside. On the other hand, since data cannot be illegally utilized even if the contents of charge information and license conditions information are seen, it is not always necessary to encrypt them with the temporary key K_temp; however, damage to the parties relating to receipt of an amount is caused if, for example, an amount in the charge information is tampered with or usage conditions in the license conditions information are tampered with to be looser. Therefore, tampering is prevented by attaching a signature to the charge information or the license conditions information. However, a signature may be attached if a content key or a delivery key K_d is transmitted.

[0388] Then, a transmitting side generates a signature for the data to be transmitted, or for the data encrypted by the temporary key K_temp, and transmits the data and the signature. The receiving side obtains the data by verifying the signature if the transmitted data is not encrypted by the temporary key K_temp, or obtains the data by decrypting it with the temporary key K_temp after verifying the signature if the transmitted data is encrypted by the temporary key K_temp. In this embodiment, a signature or encryption by the temporary key K_temp may be applied to data to be transmitted after mutual authentication, if necessary.

[0389] The user management section 18 receives a delivery key K_d from the key server 14, encrypts it with a shared temporary key K_temp to add signature data, prepares registration information from the user registration database, and transmits the delivery key K_d, the signature data and the registration information encrypted by the temporary key K_temp to a settlement available apparatus in the user home network 5. Since a method of preparing registration information is just as described in Figure 8, its detailed description is omitted here.

[0390] When executing settlement, the charge billing section 19 receives charge information, a handling policy, if necessary, and price information from the history data management section 15, calculates a charge amount billed to a user, and transmits billing information to the user. The receipt and disbursement section 20 communicates with a bank, or the like, and executes settlement processing. On that occasion, if there is information such as outstanding fees or the like of the user, the information is transmitted to the charge billing section 19 and the user management section 18 in the form of a settlement report, reflected on the user registration database, and referred to upon subsequent user registration processing or settlement processing.

[0391] The settlement available apparatus in the user home network 5 having received the delivery key K_d, the signature data and the registration data encrypted by the temporary key K_temp updates the stored registration information and, at the same time, inspects the registration information; if registration is made, it encrypts the delivery key K_d with the temporary key K_temp after verifying the signature data, updates the delivery key K_d stored in the storage module in the encryption processing section, and deletes the charge information in the storage module. Subsequently, the settlement available apparatus retrieves an object apparatus that it should settle on behalf of the network from the registration information, conducts mutual authentication for each apparatus found by the retrieval, encrypts the delivery key K_d read out from the storage module of the encryption processing section with a temporary key K_temp that is different for each apparatus found by the retrieval, and attaches a signature for each apparatus to send it to each apparatus together with the registration information. The processing ends when all the object apparatuses that the apparatus should settle on behalf of the network are finished.

[0392] The object apparatus having received the data inspects the registration information as the settlement available apparatus did, decrypts the delivery key K_d with the temporary key K_temp after verifying the signature data, updates the delivery key K_d in the storage module, and deletes the charge information.

[0393] Further, for an apparatus marked "registration unavailable" in the registration item of the registration information, since no fee is charged, update of the delivery key K_d and deletion of the charge information are not conducted (contents of the registration item may be various cases that are not described, such as stoppage of all actions including use, stoppage of purchase processing, and a state in which processing was conducted normally).

[0394] Figure 54 illustrates operations of profit distribution processing of the electronic distribution service center 1. The history data management section 15 maintains and manages charge information transmitted from the user management section 18, a handling policy, if necessary, and price information. The profit distribution section 16 calculates profit for each of the content provider 2, the service provider 3 and the electronic distribution service center 1 from the charge information, the handling policy, if necessary, and the price information transmitted from the history data management section 15, and transmits the results to the service provider management section 11, the content provider management section 12 and the receipt and disbursement section 20. The receipt and disbursement section 20 communicates with a bank or the like, and conducts settlement. The service provider management section 11 transmits distribution information received from the profit distribution section 16 to the service provider 2. The content provider management section 12 transmits the distribution information received from the profit distribution section 16 to the content provider 3.

[0395] The audit section 21 receives charge information, a handling policy and price information from the history data management section 15, and audits whether there is any inconsistency in the data. For example, the audit section 21 audits whether a price in the charge information coincides with data of the price information, whether a distribution ratio coincides, or the like, and audits whether the handling policy and the price information coincide with each other. In addition, as processing of the audit section 21, there are processing for auditing the coincidence between an amount received from the user home network 5 and a total amount of a distributed profit or an amount transferred to the service provider 3, and processing for auditing whether or not, for example, a content ID or a service provider ID that could not exist or an impossible share, price or the like is included in data in the charge information supplied from an apparatus in the user home network 5.

[0396] Figure 55 illustrates operations of processing in the electronic distribution service center 1 for transmitting utilization results of contents to JASRAC. The history data management section 15 transmits charge information indicating utilization results of contents by a user to the copyright management section 13 and the profit distribution section 16. The profit distribution section 16 calculates a billing amount to JASRAC and a payment amount from the charge information, and transmits payment information to the receipt and disbursement section 20. The receipt and disbursement section 20 communicates with a bank or the like, and executes settlement processing. The copyright management section 13 transmits the utilization results of contents by the user to JASRAC.

[0397] Processing of the EMD system will now be described. Figure 56 is a flow chart illustrating processing of distribution and reproduction of contents of this system. In step S40, the content provider management section 12 of the electronic distribution service center 1 transmits an individual key K_i encrypted by a delivery key K_d and a public key certificate of the content provider 2 to the content provider 2, and the content provider 2 receives this. Details of the processing will be described later with reference to a flow chart of Figure 57. In step S41, a user operates an apparatus (e.g., the home server 51 of Figure 15) of the user home network 5, and registers the apparatus of the user home network 5 in the user management section 18 of the electronic distribution service center 1. Details of this registration processing will be described later with reference to a flow chart of Figure 59. In step S42, the user management section 18 of the electronic service center 1, after mutually authenticating with the user home network 5 as described above with reference to Figure 52, transmits the delivery key K_d to the apparatus of the user home network 5. The user home network 5 receives the key. Details of this processing will be described with reference to a flow chart of Figure 62.

[0398] In step S43, the signature generation section 38 of the content provider 2 generates a content provider secure container, and transmits it to the service provider 3. Details of this processing will be described later with reference to a flow chart of Figure 65. In step S44, the signature generation section 45 of the service provider 3 generates a service provider secure container, and transmits it to the user home network 5 via the network 4. Details of this transmission processing will be described later with reference to a flow chart of Figure 66. In step S45, the purchase module 94 of the user home network 5 executes purchase processing. Details of the purchase processing will be described later with reference to a flow chart of Figure 67. In step S46, a user reproduces contents in an apparatus of the user home network 5. Details of the reproduction processing will be described later with reference to a flow chart of Figure 72.
[0399] Figure 57 is a flow chart illustrating details of processing, which corresponds to S40 of Figure 56, in which the electronic distribution service center 1 transmits an individual key K_i, an individual key K_i encrypted by a delivery key K_d and a public key certificate to the content provider 2, and the content provider 2 receives these. In step S50, the mutual authentication section 17 of the electronic distribution service center 1 mutually authenticates with the mutual authentication section 39 of the content provider 2. Since the mutual authentication processing was described in Figure 52, its details are omitted. When it is confirmed that the content provider 2 is a legal provider with the mutual authentication, in step S51, the content provider 2 receives the individual key K_i, the individual key K_i encrypted by the delivery key K_d and the certificate transmitted from the content provider management section 12 of the electronic distribution service center 1. In step S52, the content provider 2 stores the received individual key K_i in the tamper resistant memory 40A, and stores the individual key K_i encrypted by the delivery key K_d and the certificate in the memory 40B.

[0400] In this way, the content provider 2 receives an individual key K_i, an individual key K_i encrypted by a delivery key K_d and a certificate from the electronic distribution service center 1. Similarly, in an example in which processing of the flow chart shown in Figure 56 is conducted, the service provider 3, in addition to the content provider 2, receives an individual key K_i (which is different from the individual key K_i of the content provider 2), an individual key K_i encrypted by a delivery key K_d and a certificate from the electronic distribution service center 1 with similar processing as that in
[0401] Further, the memory 40A is desirably a tamper resistant memory whose data is not read out by a third party because it maintains an individual key K_i that should be maintained secretly by the content provider 2, but hardware limitation is not necessary (e.g., a hard disk in a room to which entry is controlled, a hard disk of a personal computer whose password is controlled, or the like may suffice). In addition, the memory 40B may be any apparatus such as an ordinary storage apparatus or the like because it only stores an individual key K_i encrypted by a delivery key K_d and a certificate of the content provider 2 (which do not need to be kept secret). Further, the memories 40A and 40B may be united.

[0402] Figure 58 is a flow chart illustrating processing in which the home server 51 registers settlement information in the user management section 18 of the electronic distribution service center 1. In step S60, the home server 51 performs mutual authentication with the mutual authentication section 17 of the electronic distribution service center 1 in the mutual authentication module 95 of the encryption processing section 65, using a public key certificate stored in the mass storage section 68. Since this authentication processing is similar to that described with reference to Figure 52, description is omitted here. A certificate that the home server 51 transmits to the user management section 18 of the electronic distribution service center 1 in step S60 includes data (a public key certificate of a user apparatus) shown in Figure 32.

[0403] In step S61, the home server decides whether or not a registration of an individual's settlement information (such as a user's credit card number, a settlement organization's account number, or the like) is a new registration, and if it is decided that it is a new registration, the processing proceeds to step S62. In step S62, a user inputs the individual's settlement information using the inputting means 63. The data is encrypted in the encryption unit 112 using a temporary key K_temp, and is transmitted to the user management section 18 of the electronic distribution service center 1 via the communication section 61.

[0404] In step S63, the user management section 18 of the electronic distribution service center 1 takes out an ID of an apparatus from the received certificate, and searches the user registration database shown in Figure 7 based on the ID of the apparatus. In step S64, the user management section 18 of the electronic distribution service center 1 decides whether or not registration of an apparatus having the received ID is possible, and if it is decided that the registration of an apparatus having the received ID is possible, the processing proceeds to step S65, and the user management section 18 decides whether or not the apparatus having the received ID is a new registration. In step S65, if it is decided that the apparatus having the received ID is a new registration, the processing proceeds to step S66.

[0405] In step S66, the user management section 18 of the electronic distribution service center 1 issues a settlement ID anew and, at the same time, decrypts the settlement information encrypted by the temporary key, registers the settlement ID and settlement information by associating them with an ID of the apparatus in the settlement information database that stores an apparatus ID, a settlement ID, settlement information (an account number, a credit card number or the like), transaction suspension information, and the like, and registers a settlement ID in the user registration database. In step S67, the user management section 18 prepares registration information based on data registered in the user registration database. Since this registration information is described in Figure 8, its details are omitted.
[0406] In step S68, the user management section 18 of the electronic distribution service center 1 transmits the prepared registration information to the home server 51. In step S69, the upper controller 62 of the home server 51 stores the received registration information in the mass storage section 68.

[0407] In step S61, if it is decided that the registration of the settlement information is an updated registration, the processing proceeds to step S70, and the user inputs the individual's settlement information using the inputting means 63. The data is encrypted in the encryption unit 112 using a temporary key K_temp, and transmitted to the user management section 18 of the electronic distribution service center 1 via the communication section 61 together with the registration information already issued upon settlement registration.

[0408] In step S64, if it is decided that registration of an apparatus having a received ID is not possible, the processing proceeds to step S71, where the user management section 18 of the electronic distribution service center 1 prepares registration information of registration rejection, and the processing proceeds to step S68.

[0409] In step S65, if it is determined that the apparatus having the received ID is not a new registration, the processing proceeds to step S72, where the user management section 18 of the electronic distribution service center 1 decrypts the settlement information encrypted by the temporary key, and updates and registers it in the settlement information registration database by associating it with the ID of the apparatus, and the processing proceeds to step S67.
[0410] In this way, the home server 51 is registered in the electronic distribution service center 1. 

[0411] Figure 59 is a flow chart illustrating processing for registering an ID of an apparatus in registration information anew. Since mutual authentication processing in step S80 is similar to the processing described in Figure 52, details are omitted. Since step S81 is the same as step S63 of Figure 58, its description is omitted. Since step S82 is the same as step S64 of Figure 58, its description is omitted. In step S83, the user management section 18 of the electronic distribution service center 1 sets a registration item corresponding to an apparatus ID in the user registration database as "registration," and registers the apparatus ID. In step S84, the user management section 18 of the electronic distribution service center 1 prepares registration information as shown in Figure 8 based on the user registration database. Since step S85 is the same as step S68 of Figure 58, its description is omitted. Since step S86 is the same as step S69 of Figure 58, its description is omitted.

[0412] In step S82, if it is decided that registration of an apparatus having a received ID is not possible, the processing proceeds to step S87, where the user management section 18 of the electronic distribution service center 1 prepares registration information of registration rejection, and the processing proceeds to step S85.
[0413] In this way, the home server 51 is registered in the electronic distribution service center 1. 
[0414] Figure 60 is a flow chart illustrating processing in additionally registering another apparatus via an already registered apparatus. Here, an example in which the home server 51 is already registered and the fixed apparatus 52 is registered therein will be described. In step S90, the home server 51 mutually authenticates with the fixed apparatus 52. Since mutual authentication processing is similar to the processing described in Figure 52, its description is omitted. In step S91, the home server 51 mutually authenticates with the electronic distribution service center 1. In step S92, the home server 51 transmits the registration information read out from the mass storage section 68 and the certificate of the fixed apparatus 52 obtained when mutually authenticating with the fixed apparatus 52 in step S90 to the electronic distribution service center 1. Since step S93 is the same as step S81 of Figure 59, its description is omitted. Since step S94 is the same as step S82 of Figure 59, its description is omitted. Since step S95 is the same as step S83 of Figure 59, its description is omitted. In step S96, the user management section 18 of the electronic distribution service center 1 prepares registration information anew with information of the fixed apparatus 52 added in addition to the registration information received from the home server 51. Since step S97 is the same as step S85 of Figure 59, its description is omitted. Since step S98 is the same as step S86 of Figure 59, its description is omitted.

[0415] Then, in step S99A, the home server 51 transmits the received registration information to the fixed apparatus
52, and in step S99B, the fixed apparatus 52 stores the received registration information in the small storage section 75.
[0416] In step S94, if it is decided that registration of an apparatus having a received ID is indispensable, the
processing proceeds to step S99, where the user management section 18 of the electronic distribution service center 1
prepares registration information indicating that only the fixed apparatus 52 is rejected for registration (therefore, the
home server 51 stays registered), and the processing proceeds to step S97 (the fact that the home server 51 has succeeded
in mutual authentication with the electronic distribution service center 1 means that the home server 51 is registrable).
[0417] In this way, the fixed apparatus 52 is additionally registered in the electronic distribution service center 1 by 
the processing procedures indicated in Figure 60. 

[0418] Timing for a registered apparatus to update its registration (update of registered information) will
now be described. Figure 61 illustrates processing procedures for determining whether or not to update
registered information based on various conditions. In step S600, the home server 51 determines, by a clock (not shown)
and a determination section (not shown), whether or not a predetermined period has passed since obtaining a delivery
key K_d, registration information or charge information. If a positive result is obtained here, this means that the
predetermined period has passed since obtaining a delivery key, registration information or charge information, and
the processing proceeds to step S607, where the home server 51 executes update processing of registration information.
This processing will be described later with reference to Figure 62.

[0419] On the other hand, if a negative result is obtained in step S600, this means that a predetermined period has
not passed since obtaining a delivery key or charge information, that is, the updating condition of registration
information with respect to the passage of a period has not been met, and the processing proceeds to step S601.

[0420] In step S601, the home server 51 determines whether or not the number of times of purchasing contents has
reached a prescribed number of times. If a positive result is obtained here, the processing moves to step S607, where
the home server 51 executes registration information updating processing, whereas, if a negative result is obtained in
step S601, this means that the updating condition of registration information has not been met with respect to the number
of times of purchasing contents, and thus the processing proceeds to step S602.

[0421] In step S602, the home server 51 determines whether or not a purchase amount of contents has reached a
prescribed amount. If a positive result is obtained here, the processing moves to step S607, where the home server
51 executes registration information updating processing, whereas, if a negative result is obtained in step S602, this
means that the updating condition of registration information has not been met with respect to a purchase amount of
contents, and the processing proceeds to the following step S603.

[0422] In step S603, the home server 51 determines whether or not an effective period of a delivery key K_d has
expired. As means for determining whether or not an effective period of a delivery key has expired, it is checked whether
or not a version of a delivery key of distributed data coincides with any of the three versions of delivery keys K_d
stored in the storage module 92, or whether or not a version of a delivery key of distributed data is older than a
version of the latest delivery key K_d. If the versions do not coincide or if the version of the delivery key is older than
the version of the latest delivery key K_d, this means that the effective period of the delivery key in the storage module
92 has expired, and the home server 51 obtains a positive result in step S603, thus the processing proceeds to step
S603, where the home server 51 executes updating processing of registration information. On the other hand, if a
negative result is obtained in step S603, this means that the updating condition of registration information has not
been met with respect to an effective period of a delivery key K_d, and the processing proceeds to the following step
S604.

[0423] In step S604, the home server 51 determines if there is a change in a network configuration, such as whether
or not another apparatus has been newly connected to the home server 51, or whether or not another apparatus
connected to the home server 51 has been disconnected. If a positive result is obtained here, this means that there has
been a change in the network configuration, and the processing proceeds to step S607, where the home server
51 executes the updating processing of registration information. On the other hand, if a negative result is obtained in
step S604, this means that the updating condition of registration information is not met with respect to a network
configuration, and the processing proceeds to the following step S605.

[0424] In step S605, the home server 51 determines whether or not there has been a registration information updating 
request from a user, and if there has been a registration information updating request, the processing proceeds to step 
S607, where the home server 51 executes the updating processing of registration information, and if there has been 
no registration information updating request, the processing proceeds to step S606. 

[0425] In step S606, the home server 51 conducts the update determination in the above-mentioned steps S600
through S605 with respect to other apparatuses connected to the home server 51. If a determination result indicating
that updating should be made is obtained, the processing proceeds to step S607, where the home server 51 executes
the updating processing of registration information, whereas, if a determination result indicating that updating should
be made is not obtained, the home server 51 repeats similar processing from the above-mentioned step S600. Thus,
the home server 51 can obtain timing for executing the updating processing of registration information. Further, another
apparatus may check its own update starting conditions and send a request to the home server 51 by itself instead of
the home server 51 checking update starting conditions of another apparatus.
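
The decision order of Figure 61 (steps S600 to S606) can be written as a short routine. The following Python sketch is an added example, not part of the patent text; the class and field names, the threshold values and the sample apparatuses are assumptions, and the S603 check implements only the version-mismatch test (distributed data refers to a delivery key version that is not among the stored ones).

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Policy:
    """Update thresholds; the values used below are assumptions."""
    max_age: float        # S600: predetermined period, in seconds
    max_purchases: int    # S601: prescribed number of purchases
    max_amount: int       # S602: prescribed purchase amount


@dataclass
class Apparatus:
    """State read by the checks of Figure 61; field names are hypothetical."""
    name: str
    last_update: float                      # when K_d / registration / charge info was obtained
    purchase_count: int = 0
    purchase_amount: int = 0
    stored_key_versions: List[int] = field(default_factory=list)  # up to three K_d versions
    distributed_key_version: Optional[int] = None  # K_d version named by distributed data
    network_changed: bool = False
    user_requested: bool = False
    connected: List["Apparatus"] = field(default_factory=list)


def own_update_step(a: Apparatus, p: Policy, now: float) -> Optional[str]:
    """Return the first step (S600..S605) whose update condition is met, else None."""
    if now - a.last_update >= p.max_age:
        return "S600"
    if a.purchase_count >= p.max_purchases:
        return "S601"
    if a.purchase_amount >= p.max_amount:
        return "S602"
    # S603: the stored delivery keys are treated as expired when distributed data
    # refers to a K_d version that is not among the stored versions.
    if (a.distributed_key_version is not None
            and a.distributed_key_version not in a.stored_key_versions):
        return "S603"
    if a.network_changed:
        return "S604"
    if a.user_requested:
        return "S605"
    return None


def update_decision(server: Apparatus, p: Policy, now: float) -> Optional[Tuple[str, str]]:
    """Return (apparatus name, triggering step) if S607 should run, else None."""
    step = own_update_step(server, p, now)
    if step:
        return (server.name, step)
    for other in server.connected:          # S606: same checks for connected apparatuses
        step = own_update_step(other, p, now)
        if step:
            return (other.name, "S606/" + step)
    return None


def sample_network() -> Tuple[Apparatus, Policy]:
    """Constructed sample: a home server with one connected fixed apparatus."""
    fixed = Apparatus("fixed apparatus 52", last_update=0.0, purchase_count=3,
                      stored_key_versions=[5, 6, 7], distributed_key_version=7)
    home = Apparatus("home server 51", last_update=0.0, purchase_count=2,
                     purchase_amount=900, stored_key_versions=[5, 6, 7],
                     distributed_key_version=7, connected=[fixed])
    return home, Policy(max_age=30 * 86400, max_purchases=10, max_amount=5000)
```

A result of None corresponds to the flow returning to step S600 and repeating the checks.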

[0426] Figure 62 is a flow chart illustrating operations for a registered apparatus updating a registration (update of
registered information), executing settlement processing, and receiving re-distribution of a delivery key. Since mutual
authentication processing in step S100 is similar to the processing described in Figure 52, its description is omitted.
In step S101, the home server 51 encrypts charge information stored in the storage module 92 using a temporary key
K_temp in the encryption unit 112 of the encryption processing section 96, generates a signature by the signature
generation unit 114, and adds the signature. Then, the home server 51 transmits the encrypted charge information and its
signature to the electronic distribution service center 1 together with a handling policy, price information and registration
information stored in the mass storage section 68. Further, at this moment, depending on the model, the handling policy
and the price information may not be sent. This is because, in some cases, the content provider 2 and the service provider
3 have transmitted them to the electronic distribution service center 1 in advance, or necessary information among the
handling policy and the price information is included in the charge information.

[0427] Since step S102 is the same as step S81 of Figure 59, its description is omitted. Since step S103 is the same
as step S82 of Figure 59, its description is omitted. In step S104, the user management section 18 of the electronic
distribution service center 1 verifies a signature by the signature verification unit 115, decrypts received charge
information by a temporary key (if an electronic signature is attached to the received data, it is verified by the signature
verification unit 115), and transmits the charge information to the history data management section 15
together with the handling policy and the price information (if received). The history data management section 15 having
received this maintains and manages the received data.

[0428] In step S105, the user management section 18 of the electronic distribution service center 1 verifies a
registration item corresponding to an apparatus ID in the user registration database, and at the same time, updates data.
For example, the data is such data as a registration date or a charge status (not shown). Since step S106 is the same
as step S84 of Figure 59, its description is omitted. In step S107, the user management section of the electronic
distribution service center 1 encrypts a delivery key supplied from the key server 14 by a temporary key K_temp, and
transmits the delivery key to the home server 51 together with registration information.

[0429] In step S108, the home server 51 stores the received registration information in the mass storage section 68.
In step S109, the home server 51 inputs the received registration information into the encryption processing section 65,
where the home server 51 verifies an electronic signature included in the registration information by the signature
verification unit 115, and at the same time, causes the unit to confirm if an apparatus ID of the home server 51 is
registered. When the verification is successful and it is confirmed that the charge processing is completed, the
processing proceeds to step S110. In step S110, the home server 51 inputs the received delivery key into the encryption
processing section 65. In the encryption processing section 65, the home server 51 decrypts the received delivery key
using a temporary key K_temp by the decryption unit 111 of the encryption/decryption module 96, stores (updates)
the delivery key in the storage module 92, and deletes charge information held in the storage module 92 (this completes
the settlement).

[0430] In step S103, if it is decided that registration of an apparatus having the received ID is impossible, the
processing proceeds to step S111, where the user management section 18 of the electronic distribution service center 1
prepares registration information indicating that registration is rejected, and the processing proceeds to step S112. In step
S112, which is different from step S107, only registration information is transmitted to the home server 51.
[0431] In step S109, if verification of a signature included in the registration information fails, or if "registration
possible" is not written in an item of "registration" included in the registration information (e.g., charge processing
failed - purchase processing not available; registration rejected - functions of the encryption processing section,
including processing such as reproduction, stopped; transaction temporarily stopped - charge processing successful, but
purchase is stopped due to some reason; etc. are possible), the processing proceeds to step S113, and predetermined
error processing is performed.

[0432] In this way, the home server 51 updates registration information, at the same time, transmits charge
information to the electronic distribution service center 1, and receives supply of a delivery key in return.

[0433] Figures 63 and 64 illustrate flow charts describing processing for settlement, update of registration information,
and update of a delivery key. In step S120, the mutual authentication module 94 of the home server 51 and a mutual
authentication module (not shown) of a fixed apparatus mutually authenticate. Since mutual authentication processing
is the same as the processing described in Figure 52, its description is omitted. Further, as described in the mutual
authentication processing, since the home server 51 and the fixed apparatus 52 mutually exchange certificates, it is
assumed that they know each other's IDs. In step S121, the upper controller 62 of the home server 51 reads out
registration information of the mass storage section 68, and causes the encryption processing section 65 to inspect
the information. The encryption processing section 65 having received the registration information from the upper
controller 62 verifies a signature in the registration information, decides if the ID of the fixed apparatus exists, and if
the ID of the fixed apparatus exists in the registration information, the processing proceeds to step S122.

[0434] In step S122, the encryption processing section 65 decides whether or not the ID of the fixed apparatus 52
is registered in the registration information, and if the ID of the fixed apparatus 52 is registered, the processing proceeds
to step S123. In step S123, the encryption processing section 73 of the fixed apparatus 52 reads out charge information
stored in the storage module, and encrypts the information in the encryption unit using a temporary key K_temp. In
addition, the encryption processing section 73 generates a signature corresponding to the charge information in the
signature generation unit. Since the generation of a signature was described in Figure 10, its description is omitted.
The upper controller 72 having received the charge information encrypted by the temporary key and its signature
reads out a corresponding handling policy and price information from the small storage section 75, if necessary, and
transmits the charge information encrypted by the temporary key K_temp and its signature as well as the handling policy
and the price information corresponding to the charge information, if necessary, to the home server 51.

[0435] The home server 51 having received the data stores the handling policy and the price information, if received,
in the mass storage section 68, and at the same time, inputs the charge information encrypted by the temporary key
K_temp and its signature into the encryption processing section 65. The encryption processing section 65 having received
the charge information encrypted by the temporary key K_temp and its signature verifies the signature for the charge
information encrypted by the temporary key K_temp by the signature verification unit 115 of the encryption/decryption
module 96. Since the verification of a signature is the same as the processing described in Figure 11, its details are
omitted. Then, the decryption unit 111 of the encryption/decryption module 96 decrypts the charge information
encrypted by the temporary key K_temp.

[0436] In step S124, the home server 51 mutually authenticates with the mutual authentication section 17 of the
electronic distribution service center 1, and shares a temporary key K_temp2. In step S125, the home server 51 encrypts
the charge information transmitted from the fixed apparatus 52 by the encryption unit 112 of the encryption/decryption
module 96 using the temporary key K_temp2. At this moment, the home server 51 may encrypt the charge information
of the home server 51 as well. In addition, the home server 51 generates a signature corresponding to the charge
information encrypted by the temporary key K_temp2 by the signature generation unit 114 of the encryption/decryption
module 96. The upper controller 62 having received the charge information encrypted by the temporary key K_temp2
and its signature reads out a handling policy, price information and registration information from the mass storage
section 68, if necessary, and transmits the charge information encrypted by the temporary key K_temp2 and its signature,
as well as the handling policy, the price information and the registration information, if necessary, to the user
management section 18 of the electronic distribution service center 1.

[0437] In step S126, the user management section 18 of the electronic distribution service center 1 searches
the user registration database. In step S127, the user management section 18 decides whether or not the home server
51 and the fixed apparatus 52 are registered as registrable in the item "registration" in the user registration database,
and if it is decided that they are registered, the processing proceeds to step S128. In step S128, the user management
section 18 of the electronic distribution service center 1 verifies a signature for the charge information encrypted by
the temporary key K_temp2, and decrypts the charge information by the temporary key K_temp2. Then, the user
management section 18 transmits the charge information as well as the handling policy and the price information, if
received, to the history data management section 15. The history data management section 15 having received the charge
information as well as the handling policy and the price information, if received, manages and stores the data.

[0438] In step S129, the user management section 18 of the electronic distribution service center 1 updates the user
registration database (charge data receipt date and time, issued date and time of registration information, date and
time of a delivery key, etc.). In step S130, the user management section 18 of the electronic distribution service center
1 prepares registration information (e.g., an example of Figure 8). In step S131, the user management section 18 of
the electronic distribution service center 1 encrypts the delivery key received from the key server 14 of the electronic
distribution service center 1 by the temporary key K_temp2, and generates a signature for the delivery key K_d encrypted
by the temporary key K_temp2. Then, the user management section 18 transmits the delivery key encrypted by the
temporary key K_temp2 and the signature for the delivery key encrypted by the temporary key K_temp2.
[0439] In step S132, the home server 51 receives the registration information, the delivery key encrypted by the
temporary key K_temp2 and the signature for the delivery key K_d encrypted by the temporary key K_temp2. The upper
controller 62 of the home server 51 inputs the delivery key encrypted by the temporary key K_temp2 and the signature
for the delivery key K_d encrypted by the temporary key K_temp2 into the encryption processing section 65. In the encryption
processing section 65, the signature verification unit 115 of the encryption/decryption module 96 verifies the signature
for the delivery key encrypted by the temporary key K_temp2, the decryption unit 111 of the encryption/decryption
module 96 decrypts the delivery key K_d using the temporary key K_temp2, and the encryption unit 112 of the
encryption/decryption module 96 re-encrypts the encrypted delivery key using the temporary key K_temp shared with the
fixed apparatus 52. Finally, the signature generation unit 114 of the encryption/decryption module 96 generates a signature
corresponding to the delivery key encrypted using the temporary key K_temp, and returns the delivery key K_d encrypted
by the temporary key K_temp and the signature for the delivery key K_d encrypted by the temporary key K_temp. The upper
controller 62 having received the delivery key K_d encrypted by the temporary key K_temp and the signature for the delivery
key K_d encrypted by the temporary key K_temp transmits them to the fixed apparatus 52 together with the registration
information transmitted from the electronic distribution service center 1.

[0440] In step S133, the upper controller 72 of the fixed apparatus 52 overwrites and stores the received registration
information in the small storage section 75. In step S134, the encryption processing section 73 of the fixed apparatus
52 verifies a signature of the received registration information, decides whether or not the item with respect to
"registration" in the ID of the fixed apparatus 52 is marked "registration possible," and if it is marked "registration possible,"
the processing proceeds to step S135. In step S135, the upper controller of the fixed apparatus 52 inputs the delivery
key K_d encrypted by the temporary key K_temp and the signature for the delivery key K_d encrypted by the temporary key
K_temp into the encryption processing section 73. The encryption processing section 73 verifies the signature for the
delivery key K_d encrypted by the temporary key K_temp, decrypts the delivery key K_d using the temporary key K_temp,
updates the delivery key K_d in the storage module of the encryption processing section 73, and at the same time,
deletes the charge information (further, in some cases, the charge information is not deleted, but is given a mark
indicating it is settled).

[0441] In step S121, if the ID of the fixed apparatus 52 is not included in the registration information, the processing
proceeds to step S136, the registration information addition processing described in Figure 60 is started, and the
processing proceeds to step S123.

[0442] In step S127, if the ID of the home server 51 and the ID of the fixed apparatus 52 are not marked "registration
possible" with respect to the item "registration" in the user registration database, the processing proceeds to step S137.
Since the step S137 is the same as step S130, its details are omitted. In step S138, the user management section 18
of the electronic distribution service center 1 transmits the registration information to the home server 51. In step S139,
the home server 51 transmits the registration information to the fixed apparatus 52.

[0443] If, in step S122, the item "registration" with respect to the ID of the fixed apparatus 52 in the registration
information is not marked "registration possible," or if, in step S134, the item "registration" with respect to the ID of the
fixed apparatus 52 in the registration information is not marked "registration possible," the processing ends.
[0444] Further, although processing on behalf of the network according to this system is described only for processing of
the fixed apparatus 52, all pieces of charge information of all the apparatuses connected to the home server 51 and
the home server 51 itself may be collected and processed altogether. Then, registration information and delivery keys
K_d of all the apparatuses are updated. (In this embodiment, received registration information and a delivery key are
not checked at all in the home server 51. If processing of the home server 51 itself is performed altogether, they should
be checked and updated.)

[0445] Processing in which the content provider 2 transmits a content provider secure container to the service
provider 3, which corresponds to step S43 of Figure 56, will be described with reference to a flow chart of Figure 65. In
step S140, the electronic watermark adding section 32 of the content provider 2 inserts predetermined data indicating
the content provider 2, for example, a content provider ID, in the contents read out from the content server 31 in the
form of an electronic watermark, and supplies it to the compression section 33. In step S141, the compression section
33 of the content provider 2 compresses the contents in which the electronic watermark is inserted by a predetermined
method such as ATRAC, and supplies them to the content encryption section 34. In step S142, the content key generation
section 35 generates a key to be used as a content key, and supplies it to the content encryption section 34 and
the content key encryption section 36. In step S143, the content encryption section 34 of the content provider 2 encrypts
the compressed contents in which the electronic watermark is inserted by a predetermined method such as DES using
the content key.

[0446] In step S144, the content key encryption section 36 encrypts the content key with the individual key
supplied from the electronic distribution service center 1 by the processing of step S40 of Figure 56 by a predetermined
method such as DES. In step S145, the handling policy generation section 37 provides for a handling policy of the
contents, and generates a handling policy indicated in Figures 33 and 34. In step S146, the signature generation section
38 of the content provider 2 generates signatures for the encrypted contents, the encrypted content key, the
encrypted individual key, and the handling policy supplied from the handling policy generation section 37. Since the
generation of a signature was described with reference to Figure 10, its description is omitted here. In step S147, the
content provider 2 transmits the encrypted contents and its signature, the encrypted content key and its signature,
the encrypted individual key and its signature, the handling policy and its signature (these four data with signatures
will be hereinafter referred to as a content provider secure container), and the certificate of the content provider 2
obtained from the authentication station in advance to the service provider 3 using a transmission section (not shown).
[0447] As described above, the content provider 2 transmits the content provider secure container to the service
provider 3.

[0448] Processing in which the service provider 3 transmits a service provider secure container to the home server
51 will now be described with reference to a flow chart of Figure 66. Further, description is made assuming that the
service provider 3 stores the data transmitted from the content provider 2 in the content server 41 in advance. In step
S150, the certificate verification section 42 of the service provider 3 reads out the certificate of the content provider 2
from the content server 41, and verifies the signature in the certificate. Since the verification of a signature is the same
as the method described with reference to Figure 11, its details are omitted. If the certificate has not been tampered
with, the public key of the content provider 2 is taken out.

[0449] In step S151, the signature verification section 43 of the service provider 3 verifies the signature of the content
provider secure container transmitted from the transmission section of the content provider 2 with the public key
of the content provider 2. (In some cases, only the signature of the handling policy is verified.) If the verification of the
signature fails and tampering is found, the processing is terminated. Further, since the verification of a signature is
the same as the method described with reference to Figure 11, its details are omitted.

[0450] If the content provider secure container has not been tampered with, in step S152, the pricing section 44 of the
service provider 3 prepares price information described in Figures 37 and 38 based on the handling policy. In step S153, the
signature generation section 45 of the service provider 3 generates a signature corresponding to the price information,
and prepares a service provider secure container by combining the content provider secure container, the price
information and the signature of the price information.

[0451] In step S154, the transmission section (not shown) of the service provider 3 transmits the certificate of the
service provider 3, the certificate of the content provider 2 and the service provider secure container to the transmission
section 61 of the home server 51, and completes the processing.

[0452] In this way, the service provider 3 transmits the service provider secure container to the home server 51. 
[0453] Details of the purchase processing of the home server 51 after receiving the proper service provider secure
container, corresponding to step S45 of Figure 56, will be described with reference to the flow chart of Figure 67. After
the home server executes the registration information update processing described above with reference to Figures
61 and 62 in step S161, in step S162, the upper controller 62 of the home server 51 inputs the registration information
read out from the mass storage section 68 of the home server 51 into the encryption processing section 65 of the home
server 51. After verifying the signature of the registration information by the signature verification unit 115 of the
encryption/decryption module 96, the encryption processing section 65 having received the registration information
decides if the item "purchase processing" for the ID of the home server 51 is marked "purchase possible," and at the
same time, inspects if the item of registration is marked "registration possible," and in case of "purchase possible" and
"registration possible," the processing proceeds to step S163. Further, the signature verification and inspection of
"registration possible" and "purchase possible" may be performed in the registration information inspection module 93.
In step S163, the upper controller 62 of the home server 51 inputs the public key certificate of the content provider 2
read out from the mass storage section 68 of the home server 51 into the encryption processing section 65 of the home
server 51.

[0454] After verifying the signature of the certificate of the content provider 2 by the signature verification unit 115 of
the encryption/decryption module 96, the encryption processing section 65 having received the public key certificate
of the content provider 2 takes out the public key of the content provider 2 from the public key certificate. If it is confirmed
that there is no tampering as a result of the verification of the signature, the processing proceeds to step S164. In step
S164, the upper controller 62 of the home server 51 inputs the contents read out from the mass storage section 68 of
the home server 51 into the encryption processing section 65 of the home server 51. The encryption processing section
65 having received the contents verifies the signature of the contents by the signature verification unit 115 of the
encryption/decryption module 96, and if it is confirmed that no tampering has occurred, the processing proceeds to step S165.
In step S165, the upper controller 62 of the home server 51 inputs the content key read out from the mass storage
section 68 of the home server 51 into the encryption processing section 65 of the home server 51.
[0455] The encryption processing section 65 having received the content key verifies the signature of the content
key by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tampering
has occurred, the processing proceeds to step S166. In step S166, the upper controller 62 of the home server 51 inputs
the individual key read out from the mass storage section 68 of the home server 51 into the encryption processing
section 65 of the home server 51. The encryption processing section 65 having received the individual key verifies
the signature of the individual key by the signature verification unit 115 of the encryption/decryption module 96, and
if it is confirmed that no tampering has occurred, the processing proceeds to step S167.

[0456] In step S167, the upper controller 62 of the home server 51 inputs the handling policy read out from the mass storage section 68 of the home server 51 to the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the handling policy verifies the signature of the handling policy by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tampering has been made, the processing proceeds to step S168. In step S168, the upper controller 62 of the home server 51 inputs the public key certificate of the service provider 3 read out from the mass storage section 68 of the home server 51 to the encryption processing section 65 of the home server 51.

[0457] After verifying the signature of the certificate of the service provider 3 by the signature verification unit 115 of the encryption/decryption module 96, the encryption processing section 65 having received the public key certificate of the service provider 3 takes out the public key of the service provider 3 from the public key certificate. If it is confirmed that no tampering has been made as a result of the verification of the signature, the processing proceeds to step S169. In step S169, the upper controller 62 of the home server 51 inputs the price information read out from the mass storage section 68 of the home server 51 to the encryption processing section 65 of the home server 51. The encryption processing section 65 having received the price information verifies the signature of the price information by the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tampering has been made, the processing proceeds to step S170.

[0458] In step S170, the upper controller 62 of the home server 51 displays information on purchasable contents (e.g., a purchasable utilization form, a price, or the like) using the displaying means 64, and a user selects a purchase item using the inputting means 63. A signal inputted from the inputting means 63 is transmitted to the upper controller 62 of the home server 51, and the upper controller 62 generates a purchase command based on the signal and inputs the purchase command to the encryption processing section 65 of the home server 51. Further, the input processing may be performed upon starting the purchase processing. The encryption processing section 65 having received this command generates charge information and license conditions information from the handling policy inputted in step S167 and the price information inputted in step S169. Since the charge information was described in Figure 42, its details are omitted. Since the license conditions information was described in Figure 41, its details are omitted.

[0459] In step S171, the control section 91 of the encryption processing section 65 stores the charge information generated in step S170 in the storage module 92. In step S172, the control section 91 of the encryption processing section 65 transmits the license conditions information generated in step S170 to the external memory control section 97 of the encryption processing section 65. After checking the external memory 67 for tampering, the external memory control section 97 having received the license conditions information writes the license conditions information in the external memory 67. The tamper check performed when writing the license conditions information will be described later with reference to Figure 69. In step S173, the control section 91 of the encryption processing section 65 decrypts the individual key Kj inputted in step S166 by the decryption unit 111 of the encryption/decryption module 96 using the delivery key Kd supplied from the storage module 92. Then, the control section 91 of the encryption processing section 65 decrypts the content key inputted in step S165 by the decryption unit 111 of the encryption/decryption module 96 using the previously decrypted individual key Kj. Finally, the control section 91 of the encryption processing section 65 decrypts the content key by the decryption unit 112 of the encryption/decryption module 96 using the save key Ksave supplied from the storage module 92. In step S174, the content key Kco encrypted by the save key is stored in the external memory 67 via the external memory control section 97 of the encryption processing section 65.

[0460] If it is determined that the home server 51 is an apparatus that cannot perform purchase processing in step S162, if it is determined that the signature of the public key certificate of the content provider 2 is not correct in step S163, if it is determined that the signature of the contents encrypted by the content key is not correct in step S164, if it is determined that the signature of the individual key Kj encrypted by the delivery key is not correct, if it is determined that the signature of the handling policy is not correct in step S167, if it is determined that the signature of the certificate of the service provider 3 is not correct in step S168, or if it is determined that the signature of the price information is not correct in step S169, the processing proceeds to step S176, where the home server 51 performs error processing. Further, only a signature for the content key and the individual key Kj may be verified by uniting the processing of step S165 and step S166.

[0461] As described above, the home server 51 stores the charge information in the storage module 92, and at the same time, after decrypting the content key by the individual key Kj, encrypts the content key by the save key Ksave and causes the external memory 67 to store it.

[0462] The fixed apparatus 52 also stores the charge information in the storage module of the encryption processing section 73 by similar processing, and at the same time, decrypts the content key by the individual key Kj, encrypts the content key Kco by the save key (which is different from the key of the home server 51), and causes the external memory 79 to store it.

[0463] Figure 68 is a flow chart describing a method of tamper check that the external memory control section 97 of the encryption processing section 65 performs when reading out data from the external memory 67. In step S180 of Figure 68, the external memory control section 97 of the encryption processing section 65 retrieves the position of the data to be read out from the external memory 67 (e.g., first data of the first block of Figure 16). In step S181, the external memory control section 97 of the encryption processing section 65 calculates a hash value (a hash value of the entire first block of Figure 16) with respect to all data in the block of the external memory 67 that includes the data to be read out. At this moment, data other than the data to be read out (e.g., a content key 1 and license conditions information 1) is destroyed after being used for the hash value calculation. In step S182, the hash value calculated in step S181 and a hash value (ICV) stored in the storage module 92 of the encryption processing section 65 are compared. If the hash values coincide, the data read out in step S181 is transmitted to the control section 91 via the external memory control section 97, and if the hash values do not coincide, the processing proceeds to step S183, where the external memory control section 97 prohibits writing thereafter, assuming that the memory block has been tampered with (wrong block). For example, given that the external memory is a flash memory of 4 MB, it is assumed that the memory is divided into 64 blocks. Therefore, 64 hash values are stored in the storage module. When data is read out, the location of the data is first retrieved, and a hash value with respect to all data in the block including the data is calculated. Tampering is checked by determining whether or not this hash value coincides with the hash value corresponding to the block in the storage module (see Figure 16).

[0464] In this way, the external memory control section 97 of the encryption processing section 65 performs tamper check of the external memory 67, and reads out data.

[0465] Figure 69 is a flow chart describing a method of tamper check that the external memory control section 97 of the encryption processing section 65 performs when writing data in the external memory 67. In step S190A of Figure 69, the external memory control section 97 of the encryption processing section 65 retrieves a location in the external memory 67 in which data can be written. In step S191A, the external memory control section 97 of the encryption processing section 65 determines whether or not there is a vacant area in the external memory 67, and if it is determined that there is a vacant area, the processing proceeds to step S192A. In step S193A, the external memory control section 97 compares the hash value calculated in step S192A and the hash value stored in the storage module 92 of the encryption processing section 65, and if the hash values coincide, the processing proceeds to step S194A. In step S194A, the external memory control section 97 writes data in the region in which data is planned to be written. In step S195A, the external memory control section 97 of the encryption processing section 65 recalculates a hash value with respect to all data in the data block in which the data is written. In step S196A, the control section 91 updates the hash value in the storage module 92 of the encryption processing section 65 to the hash value calculated in step S195A.

[0466] In step S193A, if the calculated hash value is different from the hash value in the storage module 92, the control section 91 regards the memory block as a wrong block (e.g., changes the hash value to a value indicating a wrong block), and the processing proceeds to step S190A.

[0467] If it is determined that there is no vacant area in the external memory 67 in step S191A, the processing proceeds to step S198A, and in step S198A, the external memory control section 97 returns a writing error to the control section 91, and terminates the processing.

[0468] In the method by which the external memory control section 97 renews (updates) data in the external memory 67, as shown in Figure 70, the external memory control section 97 of the encryption processing section 65 retrieves the location in the external memory 67 whose data is to be renewed. In step S192B, the external memory control section 97 of the encryption processing section 65 calculates a hash value with respect to all data in the data block that is planned to be renewed. In step S193B, the external memory control section 97 compares the hash value calculated in step S192B and the hash value stored in the storage module 92 of the encryption processing section 65, and if the hash values coincide, the processing proceeds to step S194B. In step S194B, the external memory control section 97 renews the data in the region that is planned to be renewed. In step S195B, the external memory control section 97 of the encryption processing section 65 calculates a hash value with respect to all data in the data block to which the data is written. In step S196B, the control section 91 updates the hash value in the storage module 92 of the encryption processing section 65 to the hash value calculated in step S195B.

[0469] In step S193B, if the calculated hash value is different from the hash value in the storage module 92, the control section 91 regards the memory block as a wrong block (e.g., changes the hash value to a value indicating a wrong block), and considers that the renewal has failed.

[0470] A method for deleting data of the external memory 79 will be described with reference to Figure 71. In step S190C, the external memory control section of the encryption processing section 73 retrieves the location in the external memory 79 whose data is to be deleted. In step S192C, the external memory control section of the encryption processing section 73 calculates a hash value with respect to all data in the data block from which data is planned to be deleted. In step S193C, the external memory control section compares the hash value calculated in step S192C and the hash value stored in the storage module (not shown) of the encryption processing section 73, and if the hash values coincide, the processing proceeds to step S194C. In step S194C, the external memory control section deletes the data that is planned to be deleted in the region that is planned to be deleted. In step S195C, the external memory control section of the encryption processing section 73 recalculates a hash value with respect to all the data in the data block from which the data has been deleted. In step S196C, the encryption processing section 73 updates the hash value in the storage module to the hash value calculated in step S195C.

[0471] In step S193C, if the calculated hash value is different from the hash value in the storage module, the encryption processing section 73 regards the memory block as a wrong block (e.g., changes the hash value to a value indicating a wrong block), and considers that the deletion has failed.
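
The read, write, renew and delete checks of Figures 68 to 71 can be modelled as follows. This is an added example, not code from the patent: SHA-256, the 1 KiB slot size, the all-zero vacant slot and every class and function name are assumptions; the 4 MB flash with 64 blocks and one stored hash value (ICV) per block comes from the text.

```python
import hashlib
import hmac

BLOCK_COUNT = 64                              # text: 4 MB flash divided into 64 blocks
BLOCK_SIZE = 4 * 1024 * 1024 // BLOCK_COUNT
SLOT_SIZE = 1024                              # assumption: fixed-size records
SLOTS = BLOCK_SIZE // SLOT_SIZE
EMPTY = bytes(SLOT_SIZE)                      # assumption: an all-zero slot is vacant
WRONG_BLOCK = b"WRONG-BLOCK"                  # assumption: marker, never a valid digest


class TamperError(Exception):
    """Block hash differs from the ICV kept in the storage module."""


class WriteError(Exception):
    """No vacant area in any trustworthy block (step S198A)."""


def pad(record):
    """Zero-pad a record to one slot."""
    if not 0 < len(record) <= SLOT_SIZE:
        raise ValueError("record must fit in one slot")
    return record.ljust(SLOT_SIZE, b"\x00")


class ExternalMemoryControl:
    def __init__(self):
        self.flash = bytearray(BLOCK_COUNT * BLOCK_SIZE)         # untrusted memory
        self.icv = [self._hash(b) for b in range(BLOCK_COUNT)]   # trusted storage module

    def _span(self, block, slot=0, length=BLOCK_SIZE):
        start = block * BLOCK_SIZE + slot * SLOT_SIZE
        return slice(start, start + length)

    def _hash(self, block):
        # The hash always covers the whole block, not just the record.
        return hashlib.sha256(self.flash[self._span(block)]).digest()

    def _check(self, block):
        good = (self.icv[block] != WRONG_BLOCK
                and hmac.compare_digest(self._hash(block), self.icv[block]))
        if not good:
            self.icv[block] = WRONG_BLOCK     # no further writes to this block
        return good

    def _store(self, block, slot, data):
        self.flash[self._span(block, slot, SLOT_SIZE)] = data
        self.icv[block] = self._hash(block)   # recalculate and update the ICV

    def read(self, block, slot):              # Figure 68
        if not self._check(block):
            raise TamperError(block)
        return bytes(self.flash[self._span(block, slot, SLOT_SIZE)])

    def write(self, record):                  # Figure 69
        data = pad(record)
        for block in range(BLOCK_COUNT):
            if self.icv[block] == WRONG_BLOCK:
                continue
            for slot in range(SLOTS):
                if self.flash[self._span(block, slot, SLOT_SIZE)] == EMPTY:
                    if not self._check(block):
                        break                 # wrong block: search for another location
                    self._store(block, slot, data)
                    return block, slot
        raise WriteError("no vacant area")

    def update(self, block, slot, record):    # Figure 70
        if not self._check(block):
            raise TamperError(block)
        self._store(block, slot, pad(record))

    def delete(self, block, slot):            # Figure 71
        if not self._check(block):
            raise TamperError(block)
        self._store(block, slot, EMPTY)
```

Because the hash covers the whole block, a change to one record makes every record in that block unreadable, which is the trade-off of keeping only 64 hash values in the storage module.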

[0472] Details of processing in which the home server 51 reproduces contents, corresponding to step S46 of Figure 56, will be described with reference to the flow charts of Figures 72 and 73. In step S200, the upper controller 62 of the home server 51 inputs an ID corresponding to the contents that the upper controller 62 is instructed by the inputting means 63 of the home server 51 to reproduce to the encryption processing section 65 of the home server 51. In step S201, the control section 91 of the encryption processing section 65 that has received the ID of the contents to be reproduced transmits the content ID to the external memory control section 97 of the encryption processing section 65, and causes the external memory control section 97 to retrieve a content key and license conditions information corresponding to the content ID. At this moment, the control section 91 confirms that the license conditions information is a right that can be reproduced. In step S202, the external memory control section 97 of the encryption processing section 65 calculates a hash value of the data block including the content key and the license conditions information, and transmits the hash value to the control section 91 of the encryption processing section 65. In step S203, the control section 91 of the encryption processing section 65 determines whether or not the hash value stored in the storage module 92 of the encryption processing section 65 and the hash value received in step S202 coincide, and if the hash values coincide, the processing proceeds to step S204.

[0473] In step S204, the control section 91 of the encryption processing section 65 updates the license conditions information, if necessary. For example, if a utilization right in the license conditions information is a commutation ticket, the control section 91 performs processing such as subtracting from the number of times. Therefore, in the case of a buy only right or the like that does not need to be updated, the processing jumps to step S208 (not shown). In step S205, the external memory control section 97 rewrites the updated license conditions information transmitted from the control section 91 to the external memory 67 and updates it. In step S206, the external memory control section 97 recalculates a hash value with respect to all the data in the rewritten data block, and transmits it to the control section 91 of the encryption processing section 65. In step S207, the control section 91 of the encryption processing section 65 rewrites the hash value stored in the storage module 92 of the encryption processing section 65 to the hash value calculated in step S206.

[0474] In step S208, the encryption processing section 65 and the extension section 66 mutually authenticate and share the temporary key Ktemp. Since the mutual authentication processing was described with reference to Figure 51, its details are omitted. In step S209, the decryption unit 111 of the encryption/decryption module 96 decrypts the content key read out from the external memory 97 by the save key supplied from the storage module 92. In step S210, the encryption unit 112 of the encryption/decryption module 96 re-encrypts the content key by the temporary key Ktemp previously shared with the extension section 66. In step S211, the control section 91 of the encryption processing section 65 transmits the content key encrypted by the temporary key Ktemp to the extension section 66 via the upper controller 62.

[0475] In step S212, the key decryption module 102 of the extension section 66 decrypts the content key by the temporary key Ktemp supplied from the mutual authentication module 101. In step S213, the upper controller 62 reads out contents from the mass storage section 68, and supplies them to the extension section 66. The encryption module 103 of the extension section 66 having received the contents decrypts the contents using the content key Kco supplied from the key decryption module 102. In step S214, the extension module 104 of the extension section 66 extends the contents with a predetermined method, for example, such a method as ATRAC. In step S215, the electronic watermark addition module 105 inserts the data instructed by the encryption processing section 65 in the contents in the form of a watermark (the data handed to the extension section from the encryption processing section is not limited to the content key Kco, but includes reproduction conditions (an analogue output, a digital output, an output with copy control signal (SCMS)), an apparatus ID that purchased the content utilization right and the like). Data to be inserted is an ID of an apparatus that purchased the content utilization right (i.e., an apparatus ID in the license conditions information) or the like. In step S216, the extension section 66 reproduces music via a speaker (not shown).

[0476] In this way, the home server 51 reproduces contents.
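
The key handling of paragraphs [0459] to [0461] and of steps S208 to S212 comes down to re-wrapping the content key Kco under a different key at each hop. This added example (not code from the patent) shows that chain; the HMAC-SHA-256 keystream with a MAC tag is a stand-in for the cipher of the encryption/decryption module 96, and all function names and key values are assumptions.

```python
import hashlib
import hmac
import os


def _keystream(key, nonce, n):
    """Stand-in cipher: HMAC-SHA-256 in counter mode (assumption, not the patent's cipher)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:n]


def wrap(kek, key):
    """Encrypt `key` under `kek`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, nonce, len(key))))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek, blob):
    """Reverse of wrap(); raises ValueError on a wrong key or a modified blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))


def purchase(k_d, k_save, wrapped_k_i, wrapped_k_co):
    """Steps S173-S174: Kd opens the individual key, which opens Kco;
    Kco is then stored in external memory only under this device's save key."""
    k_i = unwrap(k_d, wrapped_k_i)
    k_co = unwrap(k_i, wrapped_k_co)
    return wrap(k_save, k_co)


def playback(k_save, k_temp, stored):
    """Steps S209-S211: open Kco with the save key and hand it to the
    extension section under the temporary key from mutual authentication."""
    return wrap(k_temp, unwrap(k_save, stored))


def extension_section(k_temp, blob):
    """Step S212: the key decryption module recovers Kco."""
    return unwrap(k_temp, blob)
```

A blob stored by one apparatus cannot be opened by another, since each apparatus holds its own save key as paragraph [0462] notes.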

[0477] Figure 74 is a flow chart illustrating details of processing in which the home server 51 purchases a content utilization right on behalf of the fixed apparatus 52. In step S220, the home server 51 and the fixed apparatus 52 mutually authenticate. Since the mutual authentication processing is similar to the processing described in Figure 52, its description is omitted. In step S221, the upper controller 62 of the home server 51 causes the encryption processing section 65 of the home server 51 to inspect registration information read out from the mass storage section 68 of the home server 51. The encryption processing section 65 having received the registration information from the upper controller 62 causes the signature verification unit 115 of the encryption/decryption module 96 to verify a signature attached to the registration information by a public key of the electronic distribution service center 1 supplied from the storage module 92 of the encryption processing section 65. After successful verification of the signature, the control section 91 of the encryption processing section 65 decides whether an ID of the fixed apparatus is registered in the registration information and the items of "registration" and "purchase" are marked "registration possible" and "purchase possible," and if it is decided that the item is marked "registration possible," the processing proceeds to step S222. (Further, the fixed apparatus 52 also inspects the registration information and decides that the home server is "registration possible.") Since steps S225 to S227 are similar to steps S160 to S171 of Figure 67, their details are omitted.

[0478] In step S228, the control section 91 of the encryption processing section 65 decrypts the individual key Kj encrypted by the delivery key Kd inputted in step S225 by the decryption unit 111 of the encryption/decryption module 96 using the delivery key supplied from the storage module 92. Then, the control section 91 of the encryption processing section 65 decrypts the content key encrypted by the individual key Kj inputted in step S225 by the decryption unit 111 of the encryption/decryption module 96 using the individual key Kj. Then, the control section 91 of the encryption processing section 65 re-encrypts the content key by the encryption unit 112 of the encryption/decryption module 96 using the temporary key that was shared with the fixed apparatus 52 at the time of the mutual authentication of step S220. In step S229, the control section 91 of the encryption processing section 65 generates signatures using the signature generation unit 114 of the encryption/decryption module 96 with respect to the content key encrypted by the temporary key Ktemp and the license conditions information generated in step S226, and transmits them to the upper controller 62. The upper controller 62 of the home server 51 having received the content key encrypted by the temporary key Ktemp, the license conditions information and their signatures reads out the contents (including a signature; hereinafter the same) encrypted by the content key from the mass storage section 68, and transmits the content key Kco encrypted by the temporary key Ktemp, the license conditions information, their signatures and the contents encrypted by the content key Kco to the fixed apparatus 52.

[0479] In step S230, the fixed apparatus 52 having received the content key encrypted by the temporary key Ktemp, the license conditions information, their signatures and the contents encrypted by the content key outputs the contents encrypted by the content key to the record reproduction section 76 after verifying the signature. The record reproduction section 76 of the fixed apparatus 52 having received the contents encrypted by the content key stores the contents encrypted by the content key in the recording medium 80.

[0480] In step S231, the encryption processing section 73 of the fixed apparatus 52 decrypts the content key encrypted by the temporary key Ktemp by the decryption unit of the encryption/decryption module using the temporary key Ktemp that was shared with the home server 51 at the time of the mutual authentication in step S220. Then, the control section of the encryption processing section 73 re-encrypts the content key by the encryption unit of the encryption/decryption module using the save key supplied from the storage module of the encryption processing section 73.

[0481] In step S232, the encryption processing section 73 of the fixed apparatus 52 transmits the content key encrypted by the save key and the license conditions information received in step S230 to the external memory control section of the encryption processing section 73, and causes the external memory 79 to save them. Since processing in which the external memory control section writes data in the external memory was described in Figure 69, details are omitted.

[0482] In this way, the home server 51 purchases a content utilization right, charge information is stored on the home server 51 side, and a utilization right is transferred to the fixed apparatus 52.

[0483] Figure 75 is a flow chart illustrating processing for changing a purchased content utilization right to another utilization form to purchase it. Since steps S240 to S245 are similar to the processing described in Figure 67, their description is omitted. In step S246, the encryption processing section 65 of the home server 51 causes the external memory control section 97 of the encryption processing section 65 to read out license conditions information of the contents whose utilization right is changed. Since reading out of data from the external memory 67 was described with reference to Figure 68, its details are omitted. If the license conditions information is correctly read out in step S246, the processing proceeds to step S247.

[0484] In step S247, the upper controller 62 of the home server 51 displays information on content whose utilization right contents can be changed (e.g., a utilization form or a price whose utilization right contents can be changed) using the display means 64, and a user selects utilization right contents update conditions using the inputting means 63. The signal inputted from the inputting means 63 is transmitted to the upper controller 62 of the home server 51, and the upper controller 62 generates a utilization right contents change command based on the signal and inputs the utilization right contents change command to the encryption processing section 65 of the home server 51. The encryption processing section 65 having received this command generates charge information and new license conditions information from the handling policy received in step S243, the price information received in step S245 and the license conditions information read out in step S247.

[0485] Since step S248 is similar to step S171 of Figure 67, its detailed description is omitted. In step S249, the control section 91 of the encryption processing section 65 outputs the license conditions information generated in step S247 to the external memory control section 97 of the encryption processing section 65. The external memory control section 97 overwrites the received license conditions information in the external memory 67 and updates it. Since the method by which the external memory control section 97 rewrites (updates) the external memory 67 was described in Figure 70, its details are omitted.

[0486] In step S246, if license conditions information corresponding to the content ID attached to the right contents change command was not found in the external memory 67, or if tampering was found in a storage block of the external memory in which the license conditions information is stored (which has been described with reference to Figure 68), the processing proceeds to step S251, and predetermined error processing is performed.

[0487] In this way, the home server 51 can purchase a new right using an already purchased right (described in the license conditions information), a handling policy and price information, and change utilization right contents.

[0488] Figures 76 and 77 illustrate concrete examples of a rule portion of a handling policy and price information. In Figure 76, the handling policy is composed of a rule number attached to each utilization right as a serial number, a utilization contents number indicating utilization right contents, its parameter, a minimum sales price, and a profit ratio of a content provider, in which, for example, five rules are written. Since rule 1 has a utilization right contents number 1 as the right item, it is seen from Figure 44 that the right is a right without a reproduction right, time and number of times limitations. In addition, it is seen that there is no specific description in the item of a parameter. The minimum sales price is ¥350, and the share of the content provider 2 is 30% of the price. Since rule 2 has a utilization right contents number 2 as the right item, it is seen from Figure 44 that the right is a right with a reproduction right and time limitation and without number of times limitation. In addition, it is seen from the item of a parameter that the utilization possible period is one hour. The minimum sales price is ¥100, and the share of the content provider 2 is 30% of the price. Since rule 3 has a utilization right contents number 6 as the right item, it is seen from Figure 44 that the right is a right without a reproduction right (without a copy control signal), without time limitation and with number of times limitation. In addition, it is seen from the item of a parameter that the utilization possible number of times is one. The minimum sales price is ¥30, and the share of the content provider 2 is 30% of the price.

[0489] Since rule 4 has a utilization right contents number 13 as the right item, it is seen from Figure 44 that the right is utilization contents change. It is seen from the item of a parameter that the changeable rule numbers are from #2 (with a reproduction right, with time limitation and without number of times limitation) to #1 (without a reproduction right, time and number of times limitation). The minimum price is ¥200, and the share of the content provider 2 is 20% of the price. The minimum sales price is presented lower than that of rule 1 because it is considered that an already purchased right is traded in and repurchased, and the share of the content provider 2 is presented lower than that of rule 1 in order to increase the share of the electronic distribution service center 1 that performs the actual work (since the content provider 2 has no work at the time of right contents change).

[0490] Since rule 5 has a utilization right contents number 14 as the right item, it is seen from Figure 44 that the right is redistribution. It is seen from the item of a parameter that the redistribution possible condition is that an apparatus having the rule number #1 (without a reproduction right, time and number of times limitation) purchases and redistributes the rule number #1 (without a reproduction right, time and number of times limitation). The minimum sales price is ¥250, and the share of the content provider 2 is 20% of the price. The minimum sales price is lower than that of rule 1 because it is considered that an apparatus having an already purchased right repurchases identical contents, and the share of the content provider 2 is presented lower than that of rule 1 in order to increase the share of the electronic distribution service center 1 that performs the actual work (since the content provider 2 does not have work at the time of redistribution).

[0491] In Figure 77, the price information is composed of a rule number attached to each utilization right as a serial number, a parameter and price information. Five rules are also described in this price information. Rule 1 is price information corresponding to the rule #1 of the handling policy, and indicates that the price is ¥500 and the share of the service provider 3 is 30% when the utilization contents number #1 is purchased. Therefore, out of ¥500 paid by a user, the content provider 2 takes ¥150, the service provider 3 takes ¥150, and the electronic distribution service center 1 takes ¥200. Since rules 2 to 5 are similar, their details are omitted.

[0492] Further, in rules 4 and 5, the share of the service provider 2 is smaller than that of rule 1 because a user apparatus performs distribution work on behalf of the service provider 2, and the electronic distribution service center 1 performs collection of prices.

[0493] In addition, although the rule numbers are serial numbers from #1 to #5 in this example, this is not necessarily 
the case. Since a person preparing price information sets a utilization contents number and a number for each rule 
number, and arranges ones extracted from the numbers, the rule numbers are not generally serial numbers. 

[0494] Figure 78 illustrates a specific example when the right contents change described in Figure 75 is performed. The handling policy is composed of a rule number attached to each utilization right as a serial number, a utilization contents number indicating utilization right contents, its parameter, a minimum sales price, and a profit ratio of a content provider; the price information is composed of a rule number attached to each utilization right as a serial number, a parameter and price information; and the license conditions information is composed of a rule number attached to each utilization right as a serial number, a utilization right contents number indicating utilization right contents, and its parameter. The home server 51 has already purchased a right with a reproduction right with the rule number #2 and time limitation, and the rule number #2 is described in the license conditions information indicating right contents, which indicates that the remaining utilization possible time is thirty minutes, and that an accumulated two hours of purchase has been performed so far. If it is tried to change the right from with time limitation to without time limitation now, it is seen from a rule 3 of the handling policy, a rule 3 of the price information and the license conditions information that the right can be changed to without a reproduction right, time and number of times limitation with ¥200, and the license conditions information changes to without a reproduction right, time and number of times limitation of the rule number #1 and the utilization right contents number (a parameter in case of the utilization right contents number #1 will be described later). In addition, in this example, changing the right contents once after buying a right with time limitation is cheaper than directly buying a right without a reproduction right, time and number of times limitation. Thus, it is better to put a discount considering accumulated utilization time.

[0495] Figure 79 is a flow chart illustrating details of processing in which the home server 51 purchases a content 
utilization right for the fixed apparatus 52 and redistributes the utilization right. Since steps S260 to S264 are similar 
to steps S220 to S225 of Figure 74, their detailed description is omitted. In step S265, the encryption processing section 
65 of the home server 51 causes the external memory control section 97 of the encryption processing section 65 to
read out from the external memory 67 license conditions information and the content key encrypted by the save
key Ksave corresponding to the contents that are to be redistributed. Since a method of reading out from the external
memory 67 by the external memory control section 97 was described in Figure 68, its details are omitted. If successfully 
read out, the processing proceeds to step S266. 

[0496] In step S266, the upper controller 62 of the home server 51 displays information whose contents can be
redistributed (e.g., a utilization form or a price whose contents can be redistributed) using the display means 64, and
a user selects redistribution contents conditions using the inputting means 63. Further, this selection processing may 
be performed at the time of starting the redistribution processing in advance. The signal inputted from the inputting 
means 63 is transmitted to the upper controller 62 of the home server 51, and the upper controller 62 generates a 
redistribution command based on the signal and inputs the redistribution command in the encryption processing section 
65 of the home server 51. The encryption processing section 65 having received this generates charge information
and new license conditions information from the handling policy and the price information received in step S264, and 
the license conditions information read out in step S265. 

[0497] Since step S267 is similar to step S171 of Figure 67, its detailed description is omitted. In step S268, the
control section 91 of the encryption processing section 65 decrypts the content key encrypted by the save key
Ksave read out in step S265 by the decryption unit 111 of the encryption/decryption module 96 using the save key
supplied from the storage module 92. Then, the control section 91 of the encryption processing section 65 re-encrypts
the content key Kco by the encryption unit 112 of the encryption/decryption module 96 using the temporary key
that was shared at the time of mutual authentication in step S260. Finally, the signature generation unit 114 of the
encryption/decryption module 96 generates signatures corresponding to the content key encrypted by the temporary
key Ktemp and the new license conditions information generated in step S266, and returns them to the control section
91 of the encryption processing section 65.

[0498] Since processing of steps S269 to S272 is similar to steps S229 to S232 of Figure 74, its details are omitted. 

[0499] In this way, the home server 51 can perform redistribution of contents by creating new license conditions
information from a utilization right (license conditions information) it owns and a handling policy, price information, and 
transmitting the information to the fixed apparatus 52 together with the content key and contents it owns. 
[0500] Figure 80 is a flow chart illustrating details of processing in which the home server 51 transmits license
conditions information and content key to the fixed apparatus 52 and the fixed apparatus 52 purchases a content
utilization right. In step S280, the encryption processing section 73 of the fixed apparatus 52 decides whether or not
a total of charges of charge information stored in the storage module of the encryption processing section 73 has 
reached an upper limit, and if it has not reached the upper limit, the processing proceeds to step S281 (Further, the 
decision may be made by an upper limit of the number of charge processing instead of the upper limit of charges). 
[0501] In step S281, the upper controller 72 of the fixed apparatus 52 inputs the registration information read out
from the small storage section 75 of the fixed apparatus 52 in the encryption processing section 73 of the fixed apparatus
52. The encryption processing section 73 having received the registration information decides if the item of "purchase
processing" for the ID of the fixed apparatus 52 is marked "purchase possible" after verifying a signature of the
registration information by a signature verification unit of an encryption/decryption module (not shown), and if it is "purchase
possible," the processing proceeds to step S282. 

[0502] Since step S282 is similar to step S220 of Figure 74, its details are omitted. Since step S283 is similar to step
S221 of Figure 74, its details are omitted (the home server 51 decides whether or not the fixed apparatus 52 is
registered, and the fixed apparatus 52 decides whether or not the home server 51 is registered). Since step S284 is similar
to step S265 of Figure 79, its details are omitted. Since step S285 is similar to step S268 of Figure 79, its details are
omitted. In step S286, the control section 91 of the encryption processing section 65 generates signatures with respect
to the content key encrypted by the temporary key and the license conditions information read out in step
S284 using the signature generation unit 114 of the encryption/decryption module 96, and transmits them to the upper
controller 62. The upper controller 62 of the home server 51 having received the content key encrypted by the
temporary key Ktemp and the license conditions information and their signatures reads out the contents encrypted by
the content key Kco, the handling policy and its signature, if necessary, and the price information and its signature from
the mass storage section 68, and transmits the content key encrypted by the temporary key Ktemp and the license
conditions information, the contents encrypted by the content key Kco, the handling policy and its signature, and the
price information and its signature to the fixed apparatus 52.

[0503] Since step S287 is similar to step S230 of Figure 74, its details are omitted. Since step S288 is similar to step 
S225 of Figure 74, its details are omitted. In step S289, the upper controller 72 of the fixed apparatus 52 displays
information whose contents can be redistributed (e.g., a utilization form or a price whose contents can be redistributed)
using the display means 78, and a user selects redistribution contents conditions using the inputting means 77. Further, 
this selection processing may be performed at the time of starting the redistribution processing in advance. The signal 
inputted from the inputting means 77 is transmitted to the upper controller 72 of the fixed apparatus 52, and the upper 
controller 72 generates a redistribution command based on the signal and inputs the redistribution command in the
encryption processing section 73 of the fixed apparatus 52. The encryption processing section 73 having received this
generates charge information and new license conditions information from the handling policy, the price information 
and the license conditions information received in step S286. 

[0504] In step S290, the encryption processing section 73 of the fixed apparatus 52 stores the charge information
generated in step S289 in a storage module (not shown) of the encryption processing section 73. In step S291, the
encryption processing section 73 of the fixed apparatus 52 decrypts the content key encrypted by the temporary
key Ktemp received in step S286 by a decryption unit (not shown) of the encryption processing section 73 using the
temporary key shared in step S282. Then, the encryption processing section 73 of the fixed apparatus 52 encrypts
the content key by an encryption unit (not shown) of the encryption processing section 73 using the save key
supplied from a storage module (not shown) of the encryption processing section 73.

[0505] In step S292, the encryption processing section 73 of the fixed apparatus 52 transmits the license conditions
information generated in step S289 and the content key encrypted by the save key Ksave2 generated in step S291
to an external memory control section (not shown) of the encryption processing section 73. The external memory
control section having received the license conditions information and the content key encrypted by the save key
Ksave2 writes the license conditions information and the content key encrypted by the save key Ksave2 in the external
memory 79. Since the tamper check in writing was described with reference to Figure 69, its details are omitted.

[0506] In this way, the fixed apparatus 52 can receive redistribution of contents by receiving a utilization right (license
conditions information) owned by the home server 51, a handling policy, price information, a content key Kco, and
contents from the home server 51, and creating new license conditions information in the fixed apparatus 52.
[0507] Figure 81 illustrates a managed transfer right. Managed transfer means an operation capable of transferring
a reproduction right from an apparatus 1 to an apparatus 2, which is the same as normal transfer in that the right is
transferred from the apparatus 1 to the apparatus 2, but is different from normal transfer in that the apparatus 2 cannot
retransfer the received reproduction right (the apparatus 1 after transferring a reproduction right cannot retransfer the
reproduction right as in the normal transfer). The apparatus 2 having received the reproduction right by the managed
transfer can return the reproduction right to the apparatus 1, and after returning the reproduction right, the apparatus
1 can transfer the reproduction right again and the apparatus 2 cannot continue to transfer the reproduction right. In
order to realize these, a purchaser of the managed transfer right and a current holder of the managed transfer right
are managed in the license conditions information (here, it is assumed that the managed transfer can only be performed
if the utilization content number #1 is held, but this can be extended to the utilization right content number #2).

[0508] In Figure 81, since the rule 1 of the handling policy was described in Figure 78, its details are omitted. Since
a right item of the rule 2 is the utilization right content number 16, it is seen from Figure 44 that the right is the managed
transfer right. In addition, it is seen that there is no specific description in the item of a parameter. The minimum sales
price is ¥100, and the share of the content provider 2 is 50% of the price. The share of the content provider 2 is presented
higher than that of the rule 1 because, since the service provider 3 does not perform actual work at all, its share is
transferred to the share of the content provider 2.

[0509] In Figure 81, since the rule 1 of price information was described in Figure 78, its details are omitted. The rule
2 is price information of the rule #2 of a handling policy, and indicates that the price is ¥100 and the share of the service
provider 3 is 0% when the utilization right content number #16 is purchased. Therefore, out of ¥100 paid by a user, the
content provider 2 takes ¥50, the service provider 3 takes ¥0, and the electronic distribution service center 1 takes ¥50.
[0510] In Figure 81, the user first purchases the rule number #1 (a reproduction right without time and number of
times limitation). However, the user does not have the managed transfer right then (the state of a in Figure 81). Then,
the user purchases the managed transfer right (since these operations happen in an instant, it looks as if the user
purchased all at a time). Concerning the rule number of the license conditions, an ID of an encryption processing
section indicating a purchase (hereinafter referred to as a purchaser) is ID1 (e.g., an ID of the home server 51), and
an ID of an encryption processing section holding the reproduction right (hereinafter referred to as a holder) is ID2 (the
state of b in Figure 81). If this is transferred to the fixed apparatus 52 by performing the managed transfer, in the rule
section of the license conditions information held by the home server 51, the purchaser is still ID1, but the holder is
changed to ID2. In addition, in the rule section of the license conditions information held by the fixed apparatus 52
having received the reproduction right by the managed transfer, the purchaser is ID1 and the holder is ID2, which is
the same as the license conditions information of the home server 51.

[0511] Figure 82 is a flow chart illustrating details of the transfer processing of the managed transfer right. In Figure
82, since step S300 is similar to step S220 of Figure 74, its details are omitted. In addition, since step S301 is similar
to step S221 of Figure 74, its details are omitted. Since step S302 is similar to step S246 of Figure 75, its details are
omitted. In step S303, the encryption processing section 65 of the home server 51 inspects the rule section of the read
out license conditions information, and decides if the use right is a reproduction right without time and number of
times limitation and with the managed transfer right. If it is decided that there is the managed transfer right, the
processing proceeds to step S304.

[0512] In step S304, the control section 91 of the encryption processing section 65 decides if both the purchaser
and the holder of the managed transfer right are the ID of the home server 51. If it is decided that both the purchaser
and the holder of the managed transfer right are the ID of the home server 51, the processing proceeds to step S305.
In step S305, the control section 91 of the encryption processing section 65 rewrites the holder of the managed transfer
right of the license conditions information to the ID of the fixed apparatus 52. In step S306, the control section 91 of
the encryption processing section 65 outputs the license conditions information rewritten in step S305 to the external
memory control section 97 of the encryption processing section 65. The external memory control section 97 of the
encryption processing section 65 having received the license conditions information overwrites the license conditions
information on the external memory 67. Since the method of rewriting and storing data of the external memory 67 was
described in Figure 70, its details are omitted. Since steps S307 to S311 are similar to steps S268 to S272 of Figure
79, their details are omitted.

[0513] If the managed transfer right was not included in the license conditions information in step S303, or if the
purchaser or the holder of the managed transfer right was not the home server 51 in step S304, the processing is
terminated.

[0514] In this way, the right for reproducing contents can be transferred from the home server 51 to the fixed
apparatus 52.

[0515] Figure 83 is a flow chart illustrating processing for returning the managed transfer right from the fixed apparatus
52 currently holding the managed transfer right to the home server 51 that is the purchaser of the managed transfer
right. In Figure 83, since step S320 is similar to step S220 of Figure 74, its details are omitted. Since step S321 is
similar to step S221 of Figure 74, its details are omitted, but it is inspected if the other's ID is registered in each of the
home server 51 and the fixed apparatus 52. If it is decided that the IDs are registered, the processing proceeds to step
S322. Since step S322 is similar to step S246 of Figure 75, its details are omitted, but data of an identical content ID
is read out in both the home server 51 and the fixed apparatus 52. If data is correctly read from the external memory,
the processing proceeds to step S323. Since step S323 is similar to step S303 of Figure 82, its details are omitted,
but it is decided whether both the home server 51 and the fixed apparatus 52 have the managed transfer right. If it is
decided that there is the managed transfer right, the processing proceeds to step S324.

[0516] In step S324, the encryption processing section 65 of the home server 51 decides if the purchaser of the
managed transfer right is the ID of the home server 51 and the holder is the ID of the fixed apparatus 52. If it is decided
that the purchaser of the managed transfer right is the ID of the home server 51 and the holder is the ID of the fixed
apparatus 52, the processing proceeds to step S325. Similarly, the encryption processing section 73 of the fixed
apparatus 52 decides if the purchaser of the managed transfer right is the ID of the home server 51 and the holder is the
ID of the fixed apparatus 52. If it is decided that the purchaser of the managed transfer right is the ID of the home
server 51 and the holder is the ID of the fixed apparatus 52, the processing proceeds to step S325.
[0517] In step S325, the record reproduction section 76 of the fixed apparatus 52 deletes contents from the recording
medium 80 (however, since encrypted data simply remains, the contents need not be deleted by force). In step S326,
the encryption processing section 73 of the fixed apparatus 52 causes an external memory control section (not shown)
of the encryption processing section 73 to delete the content key encrypted by the save key stored in the
external memory 79 and the license conditions information. Since the deletion method of data of the external memory
79 was described in Figure 71, its details are omitted.

[0518] In step S327, the control section 91 of the encryption processing section 65 generates license conditions
information in which the holder of the managed transfer right of the license conditions information is rewritten to the
ID of the home server 51. In step S328, the control section 91 of the encryption processing section 65 outputs the
license conditions information generated in step S327 to the external memory control section 97 of the encryption
processing section 65. The external memory control section 97 of the encryption processing section 65 having received
the license conditions information overwrites and stores the license conditions information in the external memory 67.
Since the method for rewriting and storing in the external memory 67 was described in Figure 70, its details are omitted.
[0519] If the registration information was tampered with or the ID of the other apparatus was not registered in the home
server 51 or the fixed apparatus 52 in step S321, or if the content key or the license conditions information with respect
to predetermined contents was not found in the external memory or the memory block including these was tampered with
in the home server 51 or the fixed apparatus 52 in step S322, the processing proceeds to step S329 and error processing
is performed.

[0520] If the managed transfer right did not exist in the license conditions information in the home server 51 or the
fixed apparatus 52 in step S323, or if the purchaser was the home server 51 and the holder was not the fixed apparatus
52 in the home server 51 or the fixed apparatus 52 in step S324, the processing is terminated.
[0521] In this way, a right for reproducing contents can be returned from the fixed apparatus 52 to the home server 51.
[0522] Further, although contents and the content key or the like are described as one, these may exist in plural 
if necessary. 

[0523] In addition, although the content provider 2 and the service provider 3 are handled separately, they may be
united as one. Moreover, the method of the content provider 2 may be applied to the service provider 3 as it is. 

(2) Encryption processing by using an individual key 

[0524] The content provider 2 encrypts contents by a content key that the content provider 2 itself prepared as described
above with reference to Figure 9. In addition, the content provider 2 receives, from the electronic distribution service
center 1, an individual key peculiar to the content provider and the individual key encrypted by a delivery key, and encrypts
the content key by the individual key. Thus, the content provider 2 supplies the contents encrypted by the content key,
the content key encrypted by the individual key, and the individual key encrypted by the delivery key to the user home
network 5 via the service provider 3.

[0525] The user home network 5 decrypts the individual key peculiar to a content provider using the delivery key
received from the electronic distribution service center 1. Thus, the user home network 5 can decrypt the content key
that is encrypted by the individual key peculiar to a content provider and supplied from the content provider 2. The user
home network 5 having obtained the content key can decrypt contents by the content key.

[0526] Here, while an individual key is peculiar to each content server, a delivery key is only one kind. Therefore, 
the user home network 5 can decrypt an individual key from each content provider if it has one kind of delivery key. 
Accordingly, the user home network 5 does not need to have an individual key peculiar to each content provider, and
can purchase contents of all content providers simply by having a delivery key. 

[0527] In addition, each content provider cannot decrypt individual keys (encrypted by a delivery key) peculiar to
other content providers because it does not have a delivery key. Thus, stealing of contents among content providers
can be prevented.
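
The three-level key hierarchy of paragraphs [0524] to [0527], together with the re-encryption of a content key from one key to another used in the redistribution flow of paragraphs [0497] and [0504], is sketched below as an added example that is not code from the patent. The wrap/unwrap cipher (an HMAC-SHA256 keystream with an HMAC tag) is a stand-in chosen so that the example runs with the standard library alone, and all function names are hypothetical.

```python
import hashlib
import hmac
import os


# Stand-in cipher (an assumption, not the system's own algorithm):
# HMAC-SHA256 keystream XOR plus an HMAC tag so that a wrong key is detected.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def issue_individual_key(delivery_key: bytes):
    """Electronic distribution service center: one individual key per content
    provider, handed over in the clear and also encrypted by the delivery key."""
    individual_key = os.urandom(32)
    return individual_key, wrap(delivery_key, individual_key)


def provider_package(individual_key: bytes, wrapped_individual_key: bytes, contents: bytes):
    """Content provider: it never sees the delivery key itself."""
    content_key = os.urandom(32)          # prepared by the provider
    return {
        "contents": wrap(content_key, contents),
        "content_key": wrap(individual_key, content_key),
        "individual_key": wrapped_individual_key,
    }


def home_network_decrypt(delivery_key: bytes, package: dict) -> bytes:
    """User home network: one delivery key opens packages of every provider."""
    individual_key = unwrap(delivery_key, package["individual_key"])
    content_key = unwrap(individual_key, package["content_key"])
    return unwrap(content_key, package["contents"])


def rebind(old_key: bytes, new_key: bytes, wrapped_content_key: bytes) -> bytes:
    """Decrypt a content key under one key and re-encrypt it under another:
    save key -> temporary key on the sender, temporary key -> save key on the receiver."""
    return wrap(new_key, unwrap(old_key, wrapped_content_key))


if __name__ == "__main__":
    delivery_key = os.urandom(32)
    key_a, wrapped_a = issue_individual_key(delivery_key)
    key_b, _ = issue_individual_key(delivery_key)
    package_a = provider_package(key_a, wrapped_a, b"constructed sample contents")
    print(home_network_decrypt(delivery_key, package_a))
    try:
        unwrap(key_b, package_a["individual_key"])   # another provider's key
    except ValueError as exc:
        print("provider B:", exc)
```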

[0528] Here, in order to clarify the above-mentioned configurations of the embodiments and each means of the
inventions described in the claims, characteristics of the present invention will be described as follows by adding the
embodiment (only one example) corresponding to each means in parenthesis following each means. However, this
description does not, of course, mean that each means is limited to the described examples.

[0529] That is, the information transmission system of the present invention is provided with a memory for saving
an individual key (e.g., a tamper resistant memory 201 of Figure 84) held by a content provider or a content seller
transmitting information such as contents (e.g., a content transmission apparatus 200 of Figure 84), means for encrypting
a content key by an individual key Kj (e.g., a data encryption section 203 of Figure 84), means for generating a
handling policy in which use conditions or the like of the content key are described (e.g., a handling policy generation
section 206 of Figure 84), means for generating a digital signature with respect to various kinds of data (e.g., a signature
generation section 207 of Figure 84), means for verifying signature data generated with respect to various kinds of
data (e.g., a signature verification section 222 of Figure 84) held by a user purchasing contents (e.g., a content receiving
apparatus 210 of Figure 84), means for comparing an ID indicating a generator of the content key and an ID of a
generator of the handling policy (e.g., a comparator 226 of Figure 84), and means for saving a delivery key (e.g., a
tamper resistant memory 221 of Figure 84).

[0530] In addition, the information transmission system of the present invention is provided with a memory for saving
an individual key (e.g., a tamper resistant memory 201 of Figure 85) held by a content provider or a content seller
transmitting information such as contents (e.g., a content transmission apparatus 200 of Figure 85), a memory for
saving a key certificate (e.g., a memory 202 of Figure 85), means for encrypting a content key by an individual key
Kj (e.g., a data encryption section 203 of Figure 85), means for verifying signature data generated with respect to
various kinds of data (e.g., a signature verification section 222 of Figure 85) held by a user purchasing contents (e.g.,
a content receiving apparatus 210 of Figure 85), and means for saving a delivery key (e.g., a tamper resistant memory
221 of Figure 85).

(3) Remote reproduction processing 

[0531] Remote reproduction processing for receiving a reproduction command from an apparatus holding contents
(e.g., the home server 51) by an apparatus that does not hold a reproduction right of contents (e.g., the fixed apparatus
52) and reproducing the contents will be described.

[0532] Figure 86 shows remote reproduction processing procedures, and first, in step S401, the home server 51 and
the fixed apparatus 52 mutually authenticate after a content ID of contents that are to be remotely reproduced by an
input operation of a user is inputted in the upper controller 62. Since the mutual authentication processing is similar to
the processing described in Figure 52, its description is omitted. In step S402, the upper controller 62 of the home
server 51 causes the encryption processing section 65 of the home server 51 to inspect registration information read
out from the mass storage section 68 of the home server 51. The encryption processing section 65 having received
the registration information from the upper controller 62 causes the signature verification unit 115 of the encryption/
decryption module 96 to verify a signature attached to the registration information by a public key of the authentication
station 22 supplied from the storage module 92 of the encryption processing section 65. After successful verification
of the signature, the encryption processing section 65 decides if the item of "registration" is marked "registration
possible," and if it is decided that the item is marked "registration possible," the processing proceeds to step S403. Further,
the fixed apparatus 52 side also inspects the registration information, and decides that the home server 51 is marked
"registration possible."

[0533] In step S403, the upper controller 62 generates a reproduction command including a content ID of contents
to be remotely reproduced, and in subsequent step S404, the encryption processing section 65 of the home server 51
causes the external memory control section 97 of the encryption processing section 65 to read out a content key
encrypted by a save key and license conditions information corresponding to the contents to be remotely
reproduced from the external memory 67. Since a method for reading out data from the external memory 67 by the external
memory control section 97 is as described in Figure 68, its details are omitted. If the readout succeeds, the
processing proceeds to step S405.

[0534] In step S405, the decryption unit 111 of the encryption/decryption module 96 decrypts the content key
read out from the external memory 67 by the save key Ksave supplied from the storage module 92. After encrypting
the content key Kco by the temporary key Ktemp in step S406, the encryption unit 112 of the encryption/decryption
module 96 encrypts the reproduction command by the temporary key in step S407.
[0535] In the subsequent step S408, the home server 51 reads out the contents (encrypted by the content key Kco)
to be remotely reproduced from the mass storage section 68, and transmits the contents to the fixed apparatus 52
together with the content key and the reproduction command encrypted by the temporary key Ktemp in the
above-mentioned steps S406 and S407.
[0536] In step S409, the fixed apparatus 52 decrypts the content key and the reproduction command received from
the home server 51 by the temporary key Ktemp, and in step S410, the encryption processing section 73 and the
extension section 74 mutually authenticate and share the temporary key Ktemp2. Then, in step S411, the encryption
processing section 73 encrypts the content key and the reproduction command by the temporary key Ktemp2 shared
with the extension section 74 in the above-mentioned step S410. In step S412, the encryption processing section 73
transmits the content key Kco and the reproduction command encrypted by the temporary key Ktemp2 to the extension
section 74, and in step S413, the extension section 74 decrypts the content key and the reproduction command
by the temporary key Ktemp2.

[0537] In step S414, the extension section 74 decrypts the contents received from the home server 51 in the
above-mentioned step S408 by the content key Kco decrypted in the above-mentioned step S413 in accordance with the
reproduction command decrypted in the above-mentioned step S413. Then, in step S415, the extension section 74
extends the decrypted contents by a predetermined method such as the ATRAC. In step S416, the upper controller
72 inserts data instructed by the encryption processing section 73 in the contents in the form of an electronic watermark.
Incidentally, the data handed from the encryption processing section 73 to the extension section 74 is not limited to
the content key and the reproduction command, but includes reproduction conditions (an analog output, a digital
output, an output with copy control signal (SCMS)), an ID of an apparatus that has purchased a content utilization right,
or the like. The data to be inserted is the ID of the apparatus that has purchased the content utilization right, i.e., an
ID of an apparatus in the license conditions information. In step S417, the extension section 74 reproduces music via
a speaker (not shown).

[0538] In the above-described configuration, since the home server 51 transmits the contents and the reproduction
command of the contents as well as the content key to the fixed apparatus 52, the fixed apparatus 52 that does
not hold the reproduction right of the contents can reproduce the contents using the reproduction command and the
content key Kco. Therefore, according to the above-described configuration, the contents can be reproduced in a
plurality of apparatuses (a fixed apparatus, etc.) connected to an apparatus holding the contents (an apparatus having the
reproduction right of the contents).

(4) Reservation purchase processing 

[0539] Reservation purchase processing, which makes a purchase reservation of contents by performing key
conversion of the contents in advance, before the effective period of a delivery key expires, will be described. In step S451
of the reservation purchase processing procedures indicated in Figure 87, the home server 51 performs registration
information update decision processing, and the processing proceeds to step S452. Since the registration information
update decision processing is as described in Figures 61 and 62, its detailed description is omitted. However, in the
reservation purchase processing, the decision of a registration information update timing based on the number of
purchases and the purchase price described in steps S601 and S602 of Figure 61 may not be performed.

[0540] In step S452, the upper controller 62 of the home server 51 inputs the registration information read out from
the mass storage section 68 of the home server 51 into the encryption processing section 65 of the home server 51.
After verifying a signature of the registration information by the signature verification unit 115 of the encryption/decryption
module 96, the encryption processing section 65 having received the registration information decides whether or
not the items of "purchase processing" and "registration" with respect to the ID of the home server 51 are marked
"purchase possible" and "registration possible," and if they are marked "purchase possible" and "registration possible,"
the processing proceeds to step S453. In step S453, the upper controller 62 of the home server 51 inputs the public
key certificate of the content provider 2 read out from the mass storage section 68 of the home server 51 into the encryption
processing section 65 of the home server 51. After verifying a signature of the public key certificate of the content
provider 2 by the signature verification unit 115 of the encryption/decryption module 96, the encryption processing
section 65 having received the public key certificate of the content provider 2 takes out a public key of the content
provider 2 from the public key certificate. If the verification of the signature confirms that no tampering has occurred,
the upper controller 62 proceeds to step S454.

[0541] In step S454, the upper controller 62 of the home server 51 inputs the content key read out from the mass
storage section 68 of the home server 51 into the encryption processing section 65 of the home server 51. The encryption
processing section 65 having received the content key verifies a signature of the content key by the signature
verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tampering has occurred, the
processing proceeds to step S455.

[0542] In step S455, the upper controller 62 of the home server 51 inputs the individual key Kj read out from the
mass storage section 68 of the home server 51 into the encryption processing section 65 of the home server 51. The encryption
processing section 65 having received the individual key Kj verifies a signature of the individual key by the signature
verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tampering has occurred, the
processing proceeds to step S456.

[0543] Here, if one signature is attached to the entirety of the content key encrypted by the individual key Kj and
the individual key Kj encrypted by the delivery key K d, steps S454 and S455 can be combined and the signature verification
processing can be simplified.

[0544] In step S456, the control section 91 of the encryption processing section 65 decrypts the individual key Kj
inputted in step S455 by the decryption unit 111 of the encryption/decryption module 96 using the delivery key
supplied from the storage module 92. Then, the control section 91 of the encryption processing section 65 decrypts
the content key inputted in step S454 using the individual key Kj previously decrypted. Finally, the control section
91 of the encryption processing section 65 encrypts the content key Kco by the encryption unit 112 of the encryption/
decryption module 96 using the save key K save supplied from the storage module 92.

[0545] In step S457, the content key encrypted by the save key K save is saved in the external memory 67 via the
external memory control section 97 of the encryption processing section 65.

[0546] In addition, if it is decided in step S452 that the home server 51 is an apparatus that cannot perform purchase
processing, or it is decided in step S453 that the signature of the public key certificate of the content provider 2 is not
correct, or if it is decided in step S454 that the signature of the content key encrypted by the individual key Kj is
not correct, or if it is decided in step S455 that the signature of the individual key Kj encrypted by the delivery key K d
is not correct, the processing proceeds to step S458, where the home server 51 performs error processing.

[0547] As described above, after decrypting the content key by the individual key Kj, the home server 51
re-encrypts the content key by the save key K save, and causes the external memory 67 to store it. Since this reservation
purchase processing does not actually purchase contents, among the purchase processing described above with
reference to Figure 67, processing for charge information in the registration information update determination processing
of step S161, processing for purchased contents corresponding to step S164, processing for a handling policy
corresponding to step S167, processing for public key verification of a service provider corresponding to step S168,
processing for signature verification of price information corresponding to step S169, and save processing of charge information
and license conditions information corresponding to steps S170 through S172 may not be performed.

[0548] Incidentally, in the case of the reservation purchase processing of Figure 87, although the home server 51
did not prepare license conditions information, the home server 51 may prepare license conditions information and set
its utilization right content number (i.e., a right item) in a state without a right such as an initial value (e.g., #0 that does
not exist), or the like.

[0549] In this way, in the reservation purchase processing, by saving the content key in the external memory 67
before an effective period of the delivery key K d expires, the home server 51 can purchase contents encrypted by the
saved content key regardless of a period of the delivery key K d.

[0550] Here, the purchase processing of contents for which purchase reservation is made by saving the content key
in the external memory 67 in the home server 51 will be described. In step S471 of the purchase processing
procedures shown in Figure 88, the home server 51 performs the registration information update determination
processing, and the processing proceeds to step S472. Since the registration information update determination processing is
as described in Figures 61 and 62, its details are omitted. However, in the purchase processing, determination of a
registration information update timing based on the delivery key K d described in step S603 of Figure 61 may not be
performed.

[0551] In step S472, the upper controller 62 of the home server 51 inputs the registration information read out from
the mass storage section 68 of the home server 51 into the encryption processing section 65 of the home server 51.
After verifying a signature of the registration information by the signature verification unit 115 of the encryption/decryption
module 96, the encryption processing section 65 having received the registration information decides if the items
of "purchase processing" and "registration" are marked "purchase possible" and "registration possible." If they are
marked "purchase possible" and "registration possible," the processing proceeds to step S473. In step S473, the upper
controller 62 of the home server 51 inputs the public key certificate of the content provider 2 read out from the mass
storage section 68 of the home server 51 into the encryption processing section 65 of the home server 51. After verifying
a signature of the public key certificate of the content provider 2 by the signature verification
unit 115 of the encryption/decryption module 96, the encryption processing section 65 having received the public key
certificate of the content provider 2 takes out a public key of the content provider 2 from the public key certificate. If the
verification of the signature confirms that no tampering has occurred, the processing proceeds to step S474.

[0552] In step S474, the upper controller 62 of the home server 51 inputs the contents read out from the mass storage
section 68 of the home server 51 into the encryption processing section 65 of the home server 51. The encryption
processing section 65 having received the contents verifies a signature of the contents by the signature verification
unit 115 of the encryption/decryption module 96, and if it is confirmed that no tampering has occurred, the processing
proceeds to step S475.

[0553] In step S475, the upper controller 62 of the home server 51 inputs the handling policy read out from the mass
storage section 68 of the home server 51 into the encryption processing section 65 of the home server 51. The encryption
processing section 65 having received the handling policy verifies a signature of the handling policy by the signature
verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tampering has occurred, the
processing proceeds to step S476. In step S476, the upper controller 62 of the home server 51 inputs the public key certificate of
the service provider 3 read out from the mass storage section 68 of the home server 51 into the encryption processing
section 65 of the home server 51. After verifying a signature of the public key certificate of the service provider 3 by
the signature verification unit 115 of the encryption/decryption module 96, the encryption processing section 65 having
received the public key certificate of the service provider 3 takes out a public key of the service provider 3 from the
public key certificate. If the verification of the signature confirms that no tampering has occurred, the processing
proceeds to step S477.

[0554] In step S477, the upper controller 62 of the home server 51 inputs the price information read out from the
mass storage section 68 of the home server 51 into the encryption processing section 65 of the home server 51. The
encryption processing section 65 having received the price information verifies a signature of the price information by
the signature verification unit 115 of the encryption/decryption module 96, and if it is confirmed that no tampering has
occurred, the processing proceeds to step S478.

[0555] In step S478, the upper controller 62 of the home server 51 displays information of purchasable contents
(e.g., a purchasable utilization form, a price or the like) using the display means 64, and a user selects a purchase item
using the inputting means 63. Further, selection processing of a purchase item may be performed prior to the purchase
processing. A signal inputted from the inputting means 63 is transmitted to the upper controller 62 of the home server
51, and the upper controller 62 generates a purchase command based on the signal and inputs the purchase command
into the encryption processing section 65 of the home server 51. The encryption processing section 65 having received
this generates charge information and license conditions information from the handling policy inputted in step S475
and the price information inputted in step S477. Since the charge information is as described in Figure 42, its details
are omitted. In addition, since the license conditions information is as described in Figure 41, its details are omitted.

[0556] In step S479, the control section 91 of the encryption processing section 65 saves the charge information
generated in step S478 in the storage module 92. Then, in step S480, the control section 91 of the encryption processing
section 65 transmits the license conditions information generated in step S478 to the external memory control section
97 of the encryption processing section 65. After checking the external memory 67 for tampering, the external memory
control section 97 having received the license conditions information writes the license conditions information in the
external memory 67. Since the tamper check in writing is as described in Figure 69, its detailed description is omitted.
(Further, if license conditions information without a right is already written, the license conditions information is rewritten
and updated by the rewriting processing described in Figure 70.)

[0557] Incidentally, if it is decided in step S472 that the home server 51 is an apparatus that cannot perform purchase
processing or is not registered, or if it is decided in step S473 that a signature of the public key certificate is not correct,
or if it is decided in step S474 that a signature of the contents encrypted by the content key is not correct, or if it
is decided in step S475 that a signature of the handling policy is not correct, or if it is decided in step S476 that a
signature of the price information is not correct, the processing proceeds to step S481, where the home server 51
performs error processing.

[0558] As described above, the home server 51 completes the purchase processing of contents by storing the charge
information of the contents that a user selected to purchase in the storage module 92 and, at the same time, storing
the license conditions information in the external memory 67. In the purchase processing, the signature verification of
the content key (step S454) and the signature verification of the individual key Kj (step S455) as well as the substitute
processing of the content key Kco that have already been performed in the purchase processing described with
reference to Figure 87 are not performed.

[0559] With the above-described configuration, as the home server 51 saves the content key in the external
memory 67 by the reservation purchase processing before the delivery key is updated, even if the delivery key K d
required when decrypting the content key is updated, the contents can be purchased after the effective period of
the delivery key has expired because the content key is already saved in the external memory 67.

(5) Proxy purchase processing 

[0560] Proxy purchase processing for giving and receiving contents between apparatuses having different
registration information, i.e., apparatuses belonging to different groups, will be described. In this proxy purchase processing,
when contents are given and received between the home server 51 and a portable apparatus or the like that is an
apparatus external to a group of the home server 51, the case in which the home server 51 side is charged and the
case in which the apparatus external to a group is charged will be respectively described. In this case, the fixed
apparatus 52 described with reference to Figure 15 will be described as the apparatus external to a group.

[0561] Figure 89 shows processing procedures in which the home server 51 passes contents to an apparatus external
to a group and performs charge processing. In step S501, the home server 51 and the apparatus external to a
group mutually authenticate. In step S502, the home server 51 and the apparatus external to a group exchange
registration information with each other, and each inspects the other's registration information in the subsequent step S503.

[0562] That is, the home server 51 causes the encryption processing section 65 to inspect the registration information
received from the apparatus external to a group. The encryption processing section 65 having received the registration
information from the apparatus external to a group causes the signature verification unit 115 of the encryption/decryption
module 96 to inspect a signature attached to the registration information by a public key supplied from the storage
module 92 of the encryption processing section 65. After successful verification of the signature, the control section
91 of the encryption processing section 65 decides whether or not an ID of the apparatus external to a group is registered
in the registration information and the items of "purchase processing" and "registration" are marked "purchase possible"
and "registration possible." In addition, the apparatus external to a group having received the registration information
of the home server 51 also decides in a similar manner whether or not an ID of the home server 51 is registered in
the registration information of the home server 51, and the item of "registration" is marked "registration possible." Then,
when each confirms that the other apparatus is registered, the processing proceeds to step S504.

[0563] Since steps S504 to S510 are processing similar to that of steps S161 to S171 of Figure 67, their details
are omitted.

[0564] In step S511, the control section 91 of the encryption processing section 65 decrypts the individual key Kj
encrypted by the delivery key K d inputted in step S508 by the decryption unit 111 of the encryption/decryption module
96 using the delivery key supplied from the storage module 92. Then, the control section 91 of the encryption
processing section 65 decrypts the content key encrypted by the individual key Kj inputted in step S508 by the
decryption unit 111 of the encryption/decryption module 96 using the previously decrypted individual key Kj. Then, the
control section 91 of the encryption processing section 65 re-encrypts the content key Kco by the encryption unit 112
of the encryption/decryption module 96 using the temporary key that was shared by the apparatus external to a
group at the time of mutual authentication of step S501. In step S512, the control section 91 of the encryption processing
section 65 generates signatures for the content key encrypted by the temporary key K temp and the license conditions
information generated in step S509 using the signature generation unit 114 of the encryption/decryption module 96,
and transmits them to the upper controller 62. The upper controller 62 of the home server 51 having received the
content key encrypted by the temporary key K temp, the license conditions information and their signatures reads
out the contents encrypted by the content key from the mass storage section 68, and transmits the content key
Kco encrypted by the temporary key K temp, the license conditions information, their signatures and the contents
encrypted by the content key to the apparatus external to a group.

[0565] In step S513, the apparatus external to a group having received the content key Kco encrypted by the
temporary key K temp, the license conditions information, their signatures and the contents encrypted by the content key
outputs the contents encrypted by the content key to the record reproduction section 76 of the apparatus
external to a group. The record reproduction section 76 of the apparatus external to a group having received the
contents encrypted by the content key saves the contents encrypted by the content key in the recording medium
80.

[0566] In step S514, the encryption processing section 73 of the apparatus external to a group verifies the signature
received from the home server 51 in the above-mentioned step S512, and at the same time, decrypts the content key
encrypted by the temporary key K temp by the decryption unit of the encryption/decryption module using the
temporary key K temp that was shared with the home server 51 at the time of authentication of step S501. Then, the
control section of the encryption processing section 73 re-encrypts the content key by the encryption unit of the
encryption/decryption module using the save key supplied from the storage module of the encryption processing
section 73.

[0567] In step S515, the encryption processing section 73 of the apparatus external to a group transmits the content
key encrypted by the save key and the license conditions information received in step S513 to the external
memory control section of the encryption processing section 73, and causes the external memory 79 to save them.
Since the processing in which the external memory control section writes data in the external memory was described
in Figure 69, its details are omitted.

[0568] In this way, the home server 51 purchases a content utilization right, charge information is saved in the home
server 51 side, and a utilization right is transferred to the apparatus external to a group. Thus, the home server 51
makes payment for the content utilization right transferred to the apparatus external to a group.

[0569] Figure 90 shows processing procedures in which the home server 51 passes contents to the apparatus
external to a group and the apparatus external to a group performs charge processing. In step S551, the apparatus
external to a group decides whether or not a total of charges of the charge information stored in the encryption
processing section 73 (Figure 15) has reached an upper limit, and if it has not reached the upper limit, the processing proceeds
to step S552. (Further, the decision may be made by an upper limit of the number of charge processing operations rather
than the upper limit of the total charges.)

[0570] In step S552, the upper controller 72 of the apparatus external to a group inputs the registration information
read out from the external memory 79 into the encryption processing section 73. After verifying a signature of the
registration information by the signature verification unit of the encryption/decryption module provided inside it, the
encryption processing section 73 having received the registration information decides whether or not the item of "purchase
processing" for an ID of the apparatus external to a group (the fixed apparatus 52) is marked "purchase possible," and
if it is marked "purchase possible," the processing proceeds to step S553.

[0571] In step S553, the home server 51 and the apparatus external to a group mutually authenticate. Since the
mutual authentication processing is similar to the processing described in Figure 52, its description is omitted. In step
S554, the home server 51 and the apparatus external to a group exchange information with each other, and each inspects
the other's registration information in the subsequent step S555.

[0572] That is, the home server 51 causes the encryption processing section 65 to inspect the registration information
received from the apparatus external to a group. The encryption processing section 65 having received the registration
information from the apparatus external to a group causes the signature verification unit 115 of the encryption/decryption
module 96 to verify a signature attached to the registration information by the public key supplied from the storage
module 92 of the encryption processing section 65. After successful verification of the signature, the control section
91 of the encryption processing section 65 decides whether or not the ID of the apparatus external to a group is
registered in the registration information, and the item of "registration" is marked "registration possible." In addition,
the apparatus external to a group having received the registration information of the home server 51 also decides in
a similar manner whether or not the ID of the home server 51 is registered in the registration information of the home
server 51, and the item of "registration" is marked "registration possible." Further, similar processing is performed by
the apparatus external to a group as well. Then, when each apparatus has confirmed that the other apparatus is
registered, the processing proceeds to step S556.

[0573] In step S556, the control section 91 of the home server 51 reads out the already purchased content key from
the external memory 67 via the external memory control section 97, decrypts the content key by the save key
in the subsequent step S557, and at the same time, re-encrypts it by the temporary key K temp and generates signatures
for them.

[0574] In step S558, the home server 51 transmits the content key encrypted by the save key K temp generated in
step S557, and the contents, the handling policy and the price information read out from the mass storage section 68
to the apparatus external to a group. In step S559, the apparatus external to a group saves the contents received from
the home server 51 in the recording medium 80.

[0575] After the apparatus external to a group (the fixed apparatus 52) verifies the signatures of the handling policy,
the price information and the like in step S560, in step S561 the upper controller 72 of the apparatus external to a
group displays information of purchasable contents (e.g., a purchasable utilization form, a price or the like) using the
displaying means 78, and a user selects a purchase item using the inputting means 77. Further, selection processing
of a purchase item may be performed prior to the proxy purchase processing. The signal inputted from the inputting
means 77 is transmitted to the upper controller 72, and the upper controller 72 generates a purchase command based
on the signal and inputs the purchase command into the encryption processing section 73. The encryption processing
section 73 having received this generates charge information and license conditions information from the handling
policy and the price information inputted in step S560. Since the charge information was described in Figure 42, its
details are omitted. Since the license conditions information was described in Figure 41, its details are omitted.

[0576] In step S562, the encryption processing section 73 saves the charge information generated in step S561 in
the storage module in the encryption processing section 73. In step S563, with respect to the content key encrypted
in step S557, the encryption processing section 73 verifies a signature, and at the same time, decrypts the signature
by the temporary key K temp, and re-encrypts it by the save key K save2. Then, in step S564, the content key encrypted
by the save key K save2 is saved in the external memory 79 from the encryption processing section 73.

[0577] In this way, since the home server 51 transfers the already purchased content utilization right to the apparatus
external to a group and the apparatus external to a group saves the charge information, the apparatus external to a
group makes payment for the content utilization right transferred from the home server 51.

[0578] In the above-described configuration, by exchanging the registration information between the
apparatuses having different registration information as described in the above-mentioned steps S502 and S554, contents
held by one apparatus can be transferred to the other apparatus after confirming that the other apparatus is a registered
apparatus. Therefore, according to the above-described configuration, contents can be given and received between
apparatuses belonging to different groups.

[0579] Further, although a signature of contents was verified in performing purchase processing in the
above-mentioned embodiment, the processing is sometimes omitted because it takes time. In addition, whether or not verification
is sometimes necessary is described in a handling policy or price information, and operations are performed in
accordance with it.

(6) Data format of various kinds of data

[0580] The electronic distribution service center 1 adds an ID of the content provider 2 to an individual key Kj for
each content provider 2, encrypts the entirety of the individual key Kj and the ID of the content provider 2 using the
delivery key K d, and delivers the obtained data to a corresponding content provider 2 as the encrypted individual key.

[0581] The content provider 2 stores the encrypted individual key given by the electronic distribution service center
1 in this way in key data for single contents as it is, and delivers it to an apparatus in the user home network 5 via the
service provider 3. Then, in the electronic music distribution system 10, the delivery key for decrypting the encrypted
individual key Kj included in the key data is held only by the apparatus in the user home network 5, thereby substantially
certainly preventing the ID of the content provider 2 that is encrypted together with the individual key Kj from being
tampered with between the content provider 2 and the apparatus in the user home network 5 that purchases the contents.

[0582] Therefore, the apparatus in the user home network 5 can easily and certainly check whether or not single
contents and album contents as well as a handling policy are legal data by comparing an ID of the content provider 2
included in the single contents and album contents as well as a handling policy and an ID of the content provider 2
that is included in the key data and encrypted together with the individual key Kj, even if signatures of single contents
and album contents are tampered with during delivery and illegal contents are supplied, or a signature of a handling policy
or the like is tampered with during delivery.

[0583] Thus, in the electronic music distribution system 10, for example, purchase processing of illegal contents or
generation of charge information for distributing profit illegally to a third party based on an illegal handling policy can
be substantially certainly prevented, thereby preventing content data from being illegally utilized.
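
The key data layout of paragraphs [0580] to [0583] and the key conversion of the reservation purchase processing (steps S456 and S457), shown together as an added Python example that is not code from the patent: the provider ID travels inside the blob encrypted by the delivery key, is compared with the IDs claimed by the content and the handling policy, and the content key is then re-wrapped under the save key so that it survives a delivery key update. Assumptions: the HMAC-SHA256 based `wrap`/`unwrap` pair is a stand-in for whatever cipher the system uses, all function names, keys and ID strings are constructed, and doing the ID comparison and the key conversion in one function is a choice of this example.

```python
import hashlib
import hmac
import os

KEY_LEN = 16  # constructed key size for this example


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in keystream (assumption): HMAC-SHA256 over nonce || counter.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and tag plaintext under key (stand-in for the system's cipher)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Return the plaintext, or raise ValueError on a wrong key or a modified blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def make_key_data(k_d: bytes, k_i: bytes, k_co: bytes, provider_id: bytes) -> dict:
    """Key data as described: (individual key || provider ID) under K_d, content key under K_i."""
    return {
        "enc_individual_key": wrap(k_d, k_i + provider_id),
        "enc_content_key": wrap(k_i, k_co),
    }


def convert_key(key_data: dict, k_d: bytes, k_save: bytes, claimed_ids: dict) -> bytes:
    """Open the key data with K_d, compare provider IDs, re-wrap the content key under K_save."""
    opened = unwrap(k_d, key_data["enc_individual_key"])
    k_i, bound_id = opened[:KEY_LEN], opened[KEY_LEN:]
    for source, claimed in claimed_ids.items():
        if not hmac.compare_digest(claimed, bound_id):
            raise PermissionError(f"{source}: provider ID differs from the one in the key data")
    k_co = unwrap(k_i, key_data["enc_content_key"])
    return wrap(k_save, k_co)


def run_demo() -> dict:
    # All keys and IDs below are constructed sample values.
    k_d, k_i, k_co, k_save = (os.urandom(KEY_LEN) for _ in range(4))
    key_data = make_key_data(k_d, k_i, k_co, b"provider-2")
    good = {"content": b"provider-2", "handling policy": b"provider-2"}
    results = {}

    # Case 1: the IDs match, so the content key is saved under the save key.
    saved = convert_key(key_data, k_d, k_save, good)
    results["saved_key_matches"] = unwrap(k_save, saved) == k_co

    # Case 2: a handling policy naming another provider is refused,
    # independently of whatever signature it carries.
    forged = {**good, "handling policy": b"provider-9"}
    try:
        convert_key(key_data, k_d, k_save, forged)
        results["forged_policy"] = "accepted"
    except PermissionError:
        results["forged_policy"] = "rejected"

    # Case 3: once the delivery key has been replaced, the original key data
    # can no longer be opened...
    try:
        convert_key(key_data, os.urandom(KEY_LEN), k_save, good)
        results["key_data_after_update"] = "opened"
    except ValueError:
        results["key_data_after_update"] = "unreadable"
    # ...but the copy saved under the save key is still usable.
    results["saved_key_after_update"] = unwrap(k_save, saved) == k_co
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Because the stand-in wrap is authenticated, a modified key data blob is reported as an error rather than yielding a different provider ID; a cipher without integrity protection would need a separate check for that.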

[0584] Incidentally, in such an electronic music distribution system 10, an ID of the service provider 3 may be
encrypted and delivered in the same manner as an ID of the content provider 2, in which case, for example, even if an
ID of the service provider 3 included in charge information is tampered with (i.e., a signature of price information is
tampered with) to illegally obtain profit, this can be easily and certainly prevented.

[0585] In addition, Figure 91 shows generation management by transfer processing of a managed transfer right. As
described above with reference to Figures 33 and 34, how many generations of reproduction rights can be transferred
at the most is stored in a handling policy as generation management information. Therefore, when the handling policy
is given to a predetermined first apparatus in the user home network 5 from the content provider 2 via the service
provider 3 and purchase processing is executed in the encryption processing section in the first apparatus, the
encryption processing section detects generation management information included in the handling policy, and detects a
maximum number of times the contents indicated by the generation management information can be repurchased.
[0586] Then, when purchase processing of contents to which the handling policy is attached is executed according to the
detected maximum number of times contents can be repurchased, the encryption processing section prepares license
conditions information based on the handling policy, stores the ID of the encryption processing section in the license
conditions information, and at the same time, stores a number of times found by deducting one from the maximum number of
times contents can be repurchased (i.e., a remaining number of times contents can be repurchased) as generation
management information.

[0587] In addition, when the purchased contents are supplied from a content provider 2 in which the encryption
processing section is not provided, although the encryption processing section prepares charge information based on
a handling policy, the encryption processing section stores a predetermined value set in advance that indicates no
encryption processing section as an ID of a supplier in the charge information.

[0588] Then, when the contents to which purchase processing was applied can be redistributed by the generation
management information included in the license conditions information, a first apparatus redelivers the contents from
the first apparatus to a second apparatus in the user home network 5 together with the license conditions information,
if necessary. In the second apparatus, when executing purchase processing on the redelivered contents, the encryption
processing section inside the second apparatus prepares the license conditions information attached to the contents
again, stores the ID of the encryption processing section in the license conditions information prepared again, and at
the same time, stores a number of times found by deducting one from the remaining number of times contents can be
repurchased stored in the first apparatus (i.e., a new remaining number of times contents can be repurchased) as
generation management information. In addition, the encryption processing section stores the ID of the encryption
processing section in the first apparatus as an ID of a supplier in the charge information prepared along with the
purchase processing.

[0589] Then, thereafter, if the contents to which the purchase processing is applied have been repurchased, according
to the generation management information included in the license conditions information, for the maximum number of
times the purchase processing is possible set in advance, the second apparatus determines that redelivery is impossible
and does not redeliver the contents.

[0590] Thus, in the electronic music distribution system 10, by providing for the maximum number of times contents
can be repurchased in the handling policy in advance by the generation management information as described above,
and managing a remaining number of times the contents can be repurchased in the license conditions information for
each purchase processing of the contents, illegal repurchase can be prevented.

[0591] In addition, in the electronic music distribution system 10, by accumulating and storing an ID of a supplier of
the contents by charge information upon repurchasing the contents, a supply route of the contents can be specified
from the ID of the supplier of the charge information, if necessary, and, when illegal contents flow into the system, a
supplier of the illegal contents can be retrieved and eliminated.
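
The generation count and supplier trail of [0585] to [0591], as an added Python sketch that is not part of the patent text. Class names, device IDs and the `PROVIDER` placeholder are assumptions, and refusing a purchase when the count is below one is this sketch's reading of the deduct-one rule.

```python
from dataclasses import dataclass

# Constructed stand-in for the "predetermined value" of [0587] that marks a
# supplier which is not an encryption processing section.
PROVIDER = "NOT-A-DEVICE"


@dataclass
class License:
    content_id: str
    holder_id: str   # ID of the encryption processing section that purchased
    remaining: int   # remaining number of times the content can be repurchased


@dataclass
class Charge:
    content_id: str
    buyer_id: str
    supplier_id: str


class Device:
    """One apparatus in the user home network (hypothetical model)."""

    def __init__(self, device_id):
        self.device_id = device_id
        self.licenses = {}   # content_id -> License (license conditions information)
        self.charges = []    # charge information held until collected

    def _record(self, content_id, count_before, supplier_id):
        # Assumption of this sketch: a count below 1 leaves nothing to purchase.
        if count_before < 1:
            raise PermissionError(f"{content_id}: no repurchase generations left")
        lic = License(content_id, self.device_id, count_before - 1)
        self.licenses[content_id] = lic
        self.charges.append(Charge(content_id, self.device_id, supplier_id))
        return lic

    def can_redeliver(self, content_id):
        lic = self.licenses.get(content_id)
        return lic is not None and lic.remaining >= 1

    def purchase_from_provider(self, content_id, max_repurchase):
        """First purchase: the count comes from the handling policy."""
        return self._record(content_id, max_repurchase, PROVIDER)

    def repurchase_from(self, supplier, content_id):
        """Repurchase: the count comes from the supplier's license conditions."""
        if not supplier.can_redeliver(content_id):
            raise PermissionError(f"{supplier.device_id} cannot redeliver {content_id}")
        # The supplier's own count is not changed: the limit is on depth
        # (generations), so one holder may redeliver to several devices.
        before = supplier.licenses[content_id].remaining
        return self._record(content_id, before, supplier.device_id)


def supply_route(charges, content_id, device_id):
    """Walk supplier IDs in collected charge information back to the source."""
    supplier_of = {c.buyer_id: c.supplier_id
                   for c in charges if c.content_id == content_id}
    route, seen = [device_id], {device_id}
    while route[-1] in supplier_of:
        nxt = supplier_of[route[-1]]
        route.append(nxt)
        if nxt in seen:      # defensive stop on a circular trail
            break
        seen.add(nxt)
    return route
```

With a handling policy count of 2, the first buyer stores 1, its buyer stores 0, and a third-generation repurchase is refused without any charge information being written.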

[0592] Incidentally, in the electronic music distribution system 10, since an apparatus in the user home network 5
provides the contents on behalf of the content provider 2 or the service provider 3 upon repurchasing the contents, for
example, in the electronic distribution service center 1, profits can be returned to the apparatus by adding a discount
point that can be used upon purchasing contents to a user having the apparatus of a supplier of repurchase of the
contents based on an ID of the supplier included in the charge information.

[0593] In the above-described configuration, in the electronic music distribution system 10, in the case in which
contents are provided to an apparatus in the user home network 5 from the content provider 2 via the service provider 3,
the content provider 2 generates single contents and album contents in which the contents encrypted by the content key
and the ID of the content provider 2 are stored, and at the same time, generates handling policies of the single
contents and the album contents in which the ID of the content provider 2 is stored, and also generates key data for
the single contents and the album contents in which the content key encrypted by the individual key Kj, the individual
key Kj encrypted by the delivery key, or the like are stored.

[0594] Then, the content provider 2 transmits the single contents and the album contents, the handling policies of
the single contents and the album contents, and the key data for the single contents and the album contents as a
content provider secure container.

[0595] Here, the content provider 2 then uses the individual key Kj supplied from the electronic distribution service
center 1 as an individual key Kj encrypted by the delivery key Kd, whereas the electronic distribution service center 1
adds an ID of the content provider 2 to the individual key Kj and encrypts the entirety of these using the delivery key
Kd. Then, the delivery key Kd used for this encryption is held only by an apparatus in the user home network 5 other
than the electronic distribution service center 1.

[0596] Therefore, in the electronic music distribution system 10, the individual key Kj encrypted by the delivery key
Kd can be provided from the content provider 2 to an apparatus in the user home network 5 via the service provider 3
while preventing tampering, thus, in the apparatus, by comparing the ID of the content provider 2 obtained by decrypting
the individual key Kj encrypted by the delivery key Kd and the IDs of the content provider 2 included in the single
contents and the album contents as well as the handling policies of the single contents and the album contents
respectively, whether or not signatures of the handling policies of the single contents and the album contents as well as
the handling policies of the single contents and the album contents can be easily and certainly detected.
[0597] As a result, in the electronic music distribution system 10, provision of illegal contents to a user or generation
of charge information for a third party to illegally obtain profit using a handling policy can be prevented, thus, illegal
utilization of contents by a third party can be prevented.

[0598] In addition, in the electronic music distribution system 10, a maximum number of times contents can be
repurchased is stored in a handling policy provided from the content provider 2, and at the same time, a remaining number
of times contents can be repurchased is stored in the license conditions information in the apparatus each time the
contents are repurchased between apparatuses in the user home network 5.

[0599] Therefore, in the electronic music distribution system 10, an apparatus in the user home network 5 can manage
a remaining number of times contents can be repurchased by the license conditions information, thus, illegal repurchase
exceeding the maximum number of times contents can be repurchased can be prevented.

[0600] According to the above-described configuration, by directly attaching an ID of the content provider 2 to
contents encrypted from the content provider 2 (i.e., storing an ID of the content provider 2 in data of single contents and
album contents) or indirectly attaching it (i.e., attaching a handling policy in which an ID of the content provider 2 is
stored), providing an ID of the content provider 2 encrypted together with the individual key Kj using the delivery key
Kd together with the content to which the ID of the content provider 2 is attached to an apparatus in the user home
network 5, decrypting the encrypted ID of the content provider 2 in the apparatus, and comparing the obtained ID of
the content provider 2 and the ID of the content provider 2 attached to the contents, whether or not the contents can
be legally utilized can be easily and certainly determined, thus, an electronic music distribution system that can prevent
contents from being illegally utilized can be realized.

[0601] In addition, by storing a maximum number of times contents can be repurchased in a handling policy provided
from the content provider 2, and at the same time, storing a remaining number of times the contents can be repurchased
in the license conditions information in the apparatus to manage the number of times the contents can be repurchased,
illegal repurchase exceeding the maximum number of times the contents can be repurchased can be prevented.

(7) Configuration of a record reproduction apparatus

[0602] In the electronic music distribution system 10, a record reproduction apparatus 250 shown in Figure 92 is
provided as an apparatus in the user home network 5. In the record reproduction apparatus 250, an electronic
distribution only recording medium 251 that is a data storage apparatus is detachably provided.

[0603] The record reproduction apparatus 250 can record contents electronically distributed from the service provider 
3 via the network 4 in the electronic distribution only recording medium 251 and reproduce the contents from the 
electronic distribution only recording medium 251. 

[0604] Actually, the record reproduction apparatus 250 is composed of a communication section 260 that is receiving
means, an upper controller 261 that is record reproduction controlling means, an encryption processing section 262,
an extension section 263 that is content decrypting means, inputting means 264, displaying means 265, and a mass
storage section 266. The communication section 260 communicates with the electronic distribution service center 1,
and at the same time, communicates with the service provider 3 via the network 4.

[0605] The upper controller 261 temporarily holds a content provider secure container and a service provider secure
container received by the communication section 260 in the mass storage section 266 by controlling the record reproduction
apparatus 250 and the electronic distribution only recording medium 251 based on an operation instruction inputted
via the inputting means 264 at the time of purchase processing.

[0606] Then, the upper controller 261 causes the electronic distribution only recording medium 251 to execute
purchase processing, thereby reads out contents encrypted by a corresponding content key, a content key
encrypted by an individual key Kj, and an individual key Kj encrypted by a delivery key Kd from the mass storage section
266, decrypts the individual key Kj encrypted by the delivery key Kd by a delivery key read out from the storage
module 311 of the encryption processing section 301 in the electronic distribution only recording medium 251, decrypts
the content key encrypted by the individual key Kj by the decrypted individual key Kj, encrypts the obtained content
key by a save key Ksave read out from the storage module 311 of the encryption processing section 301, and
records the contents encrypted by the read out content key and the content key encrypted by the save key
Ksave in the electronic distribution only recording medium 251.
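
The provider-ID comparison of [0596] and the key re-wrapping of [0606], as an added Python sketch that is not the patent's own code. The SHA-256/HMAC `wrap` routine is a stand-in for the unspecified cipher, signature checks are left out, and all function names, key sizes and IDs are constructed.

```python
import hashlib
import hmac
import os

KEY_LEN = 16  # constructed key size for this sketch


def _stream(key, nonce, n):
    """SHA-256 counter keystream (stand-in cipher, not the patent's)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(b"enc" + key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def wrap(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key, blob):
    """Verify the tag, then decrypt; any modification raises ValueError."""
    if len(blob) < 48:
        raise ValueError("wrapped blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped blob failed integrity check")
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))


def issue_individual_key(kd, kj, provider_id):
    """Service center: bind the provider ID to Kj under the delivery key Kd."""
    return wrap(kd, kj + provider_id.encode())


def build_container(provider_id, kj, kj_by_kd, kco, content):
    """Content provider: contents, handling policy and key data."""
    return {
        "content": {"provider_id": provider_id, "data": wrap(kco, content)},
        "handling_policy": {"provider_id": provider_id},
        "key_data": {"kco_by_kj": wrap(kj, kco), "kj_by_kd": kj_by_kd},
    }


def purchase(container, kd, ksave):
    """Device: compare the bound provider ID, then re-wrap the content key."""
    plain = unwrap(kd, container["key_data"]["kj_by_kd"])
    kj, bound_id = plain[:KEY_LEN], plain[KEY_LEN:]
    for part in ("content", "handling_policy"):
        claimed = container[part]["provider_id"].encode()
        if not hmac.compare_digest(claimed, bound_id):
            raise PermissionError(f"provider ID mismatch in {part}")
    kco = unwrap(kj, container["key_data"]["kco_by_kj"])
    # Only the save-key-wrapped content key is written to the medium.
    return {"data": container["content"]["data"], "kco_by_ksave": wrap(ksave, kco)}


def reproduce(record, ksave):
    """Device: recover the content key with the save key, decrypt the contents."""
    kco = unwrap(ksave, record["kco_by_ksave"])
    return unwrap(kco, record["data"])


def demo():
    kd, kj, kco, ksave = (os.urandom(KEY_LEN) for _ in range(4))
    bound = issue_individual_key(kd, kj, "CP-0002")   # constructed provider ID
    good = build_container("CP-0002", kj, bound, kco, b"constructed audio bytes")
    played = reproduce(purchase(good, kd, ksave), ksave)
    # Constructed tamper case: the container is relabelled with another ID
    # while the key data issued by the service center is reused.
    relabelled = build_container("CP-9999", kj, bound, kco, b"constructed audio bytes")
    try:
        purchase(relabelled, kd, ksave)
        rejected = False
    except PermissionError:
        rejected = True
    return played, rejected
```

The comparison only has force because the ID travels inside an integrity-protected blob under Kd; with a cipher that lets ciphertext be altered undetected, the bound ID itself could be changed in transit.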

[0607] In addition, the upper controller 261 reads out a content key encrypted by a temporary key (shared
by the encryption processing section 262 and the encryption processing section 301 by mutual authentication) from
the electronic distribution only recording medium 251, and supplies a content key encrypted by a temporary key
Ktemp2 (shared by the encryption processing section 262 and the extension section 263 by mutual authentication) and
contents encrypted by the content key to the extension section 263 to decrypt the contents encrypted by the content
key using the content key, by controlling the record reproduction apparatus 250 and the electronic distribution
only recording medium 251 based on an operation instruction inputted via the inputting means 264 at the time of
reproduction processing.

[0608] Incidentally, since the inputting means 264 and the displaying means 265 have functions similar to those of
the inputting means 63 and the displaying means 64 respectively, their descriptions are omitted.
[0609] The encryption processing section 262 is composed of a control section 270, a storage module 271, a
registration information inspection module 272, a purchase processing module 273, a mutual authentication module 274,
and an encryption/decryption module 275. Incidentally, the encryption processing section 262 is composed of an
encryption processing only IC of a single chip in the same manner as the encryption processing section 65, and has a
characteristic that illegally reading out data from outside is difficult (tamper resistant feature).

[0610] In the encryption processing section 262, since the control section 270, the storage module 271, the
registration information inspection module 272, the purchase processing module 273, and the encryption/decryption module
275 have functions similar to those of the control section 91, the storage module 92, the registration information
inspection module 93, the purchase processing module 94, and the encryption/decryption module 96 of the home server
51, their descriptions are omitted.

[0611] In addition, the mutual authentication module 274 executes mutual authentication with the extension section 
263 and the electronic distribution only recording medium 251, and generates a temporary key (session key) to 
be shared with the extension section 263 and the electronic distribution only recording medium 251, if necessary. 

[0612] The encryption/decryption module 275 is composed of a decryption unit 280, an encryption unit 281, a random
number generation unit 282, a signature generation unit 283, and a signature verification unit 284. Since the decryption
unit 280, the encryption unit 281, the random number generation unit 282, the signature generation unit 283, and the
signature verification unit 284 have functions similar to those of the decryption unit 111, the encryption unit 112, the
random number generation unit 113, the signature generation unit 114, and the signature verification unit 115 of the
home server 51 respectively, their descriptions are omitted.

[0613] The extension section 263 is composed of a mutual authentication module 290, a key encryption module 291,
a decryption module 292, an extension module 293, an electronic watermark addition module 294, and a storage
module 295. Since the mutual authentication module 290, the key decryption module 291, the decryption module 292,
the extension module 293, the electronic watermark addition module 294, and the storage module 295 have functions
similar to those of the mutual authentication module 101, the key decryption module 102, the decryption module 103,
the extension module 104, the electronic watermark addition module 105, and the storage module 106 of the home
server 51 respectively, their descriptions are omitted.

[0614] In addition, the electronic distribution only recording medium 251 is made to execute purchase processing to
prepare charge information, and hold the prepared charge information, and is composed of a communication section
300 that is communicating means, an encryption processing section 301 that is content key encryption means and
content key decryption means, an external memory control section 302 that is record reproducing means, and an
external memory 303 that is a recording medium.

[0615] The communication section 300 transmits and receives data to and from the upper controller 261 of the record
reproduction apparatus 250. The encryption processing section 301 is made up of a circuit configuration similar to the
encryption processing section 65 of the home server 51, and has a characteristic that illegal read out of data from
outside is difficult (tamper resistant feature). In addition, the encryption processing section 301 is composed of a control
section 310, a storage module 311 that is save key holding means, a registration information inspection module 312,
a purchase processing module 313, a mutual authentication module 314, and an encryption/decryption module 315.
[0616] Since the control section 310, the storage module 311, the registration information inspection module 312,
the purchase processing module 313, the mutual authentication module 314, and the encryption/decryption module
315 have functions similar to those of the control section 91, the storage module 92, the registration information
inspection module 93, the purchase processing module 94, the mutual authentication module 95, and the
encryption/decryption module 96 of the home server 51 respectively, their descriptions are omitted. Incidentally, the
encryption/decryption module 315 is composed of a decryption unit 320, an encryption unit 321, a random number generation
unit 322, a signature generation unit 323, and a signature verification unit 324.

[0617] The external memory control section 302 performs a tamper check, if necessary, in addition to reading and
writing data from and to the external memory 303. Various kinds of recording media such as a writable optical disk, a
hard disk, or a semiconductor memory can be applied as the external memory 303. Therefore, a structure that can
read out data from these recording media is necessary as the external memory control section 302, which performs
reading and writing by adding a recording medium control section (not shown), if necessary. Further, since details of
the tamper check processing were described in Figures 68 to 71, their descriptions are omitted.
[0618] Here, in such an electronic distribution only recording medium 251, a save key peculiar to the electronic
distribution only recording medium 251 is held by the storage module 311 of the encryption processing section 301.
In the electronic distribution only recording medium 251, when the content key is recorded in the external memory
303, the content key is encrypted by the save key Ksave, and when the encrypted content key is reproduced
from the external memory 303, the content key is decrypted by the storage key Ksave and transmitted to the record
reproduction apparatus 250.

[0619] Therefore, contents recorded in a recording medium by a conventional record reproduction apparatus cannot
be reproduced by an apparatus (i.e., an apparatus holding a save key different from a save key Ksave that has
encrypted the contents) other than an apparatus that has recorded the contents in the recording medium (i.e., an
apparatus holding a save key peculiar to an encryption processing section that has encrypted a content key
to be recorded in the recording medium), whereas the contents recorded in the electronic distribution only recording
medium 251 can be reproduced by any apparatus as far as it has a configuration similar to that of the above-mentioned
record reproduction apparatus 250 even if it does not hold a save key Ksave.

[0620] Incidentally, in such a record reproduction apparatus 250, since contents are recorded in the electronic
distribution only recording medium 251 together with the content key by executing purchase processing, the record
reproduction apparatus 250 can be configured without using the encryption processing section 262 and the extension
section 263 for the purpose of only recording the contents.

[0621] In addition, in such a record reproduction apparatus 250, since the electronic distribution only recording
medium 251 is detachably provided, and contents can be reproduced from the electronic distribution only recording
medium 251 that has recorded the contents and the content key in another apparatus, the record reproduction
apparatus 250 can be used without connecting to the electronic distribution service center 1 and the network 4 by having
a reproduction function only.

[0622] However, in the user home network 5, when contents and a content key are recorded in the electronic
distribution only recording medium 251 in the record reproduction apparatus 250 connected to the network 4 as described
above, and the electronic distribution only recording medium 251 is used for reproducing the contents in a record
reproduction apparatus not connected to the electronic distribution service center 1 or the network 4, it is possible that
collection of charge information held by the electronic distribution only recording medium 251 is difficult in the
electronic distribution service center 1.

[0623] Thus, in the electronic distribution only recording medium 251, for example, charge information in the storage
module 311 is periodically retrieved from the control section 310 in the encryption processing section 301, and if there
is uncollected charge information in the electronic distribution service center 1, contents can be reproduced only
once from purchase processing until the charge information is collected by applying reproduction limitation to
corresponding contents, and at the same time, managed transfer of the contents is not performed as well.
[0624] In this way, in the electronic music distribution system 10, a user owning the electronic distribution only
recording medium 251 is prevented from reproducing contents illegally. Incidentally, as a reproduction limitation due to
uncollected charge information, for example, by setting in advance a number of times contents can be reproduced from
purchase processing until charge information is collected, and counting the number of times of reproducing contents from
the point of the purchase processing, the reproduction limitation can be made to function effectively when the system
detects that the charge information is uncollected. That is, when it is detected that the charge information is
uncollected, the number of times corresponding contents have already been reproduced at this point and the number of
times of the reproduction limitation set in advance are compared, and when the number of times the contents have already
been reproduced has reached the set number of times of reproduction limitation, the contents cannot be reproduced.
[0625] In addition, as such a reproduction limitation, a period (time) may be used. That is, by setting time during
which contents can be reproduced, if charge information is uncollected after the set time has passed since purchase
processing, the contents cannot be reproduced. Further, in the electronic distribution only recording medium 251,
limitation contents of the reproduction limitation may be held by associating it with charge information in the storage
module 311 of the encryption processing section 301, or may be held by associating it with the license conditions
information in the external memory 303. In addition, by storing reproduction limitation (the number of times or a period)
in a handling policy and/or price information, at the time of purchase processing, the electronic distribution only
recording medium 251 may take out information of the reproduction limitation from the handling policy and/or the price
information, prepare license conditions information including this, and hold the prepared license conditions information in
the external memory 303.

[0626] Here, purchase processing executed in the record reproduction apparatus 250 will be described using a flow
chart shown in Figure 93. In step S700, in the state in which a content provider secure container and a service provider
secure container distributed from the service provider 3 via the network 4 are temporarily held in the mass storage section
266, the upper controller 261 in the record reproduction apparatus 250 decides an effective period (version) of a delivery
key Kd stored in the storage module 311 in the encryption processing section 301 via the control section 310 of the
encryption processing section 301 in the electronic distribution only recording medium 251, and if the delivery key
is effective, the processing proceeds to step S701.

[0627] In step S701, the upper controller 261 determines whether or not a total of charges of charge information
stored in the storage module 311 in the encryption processing section 301 via the control section 310 of the encryption
processing section 301 in the electronic distribution only recording medium 251 has reached an upper limit set in
advance, and if the total of the charges has not reached the upper limit, the processing proceeds to step S702.
Incidentally, in step S701, instead of determining whether or not the total of charges has reached the upper limit, for
example, the upper controller 261 may determine whether or not there is any room in the storage area of charge
information in the storage module 311, and if there is room in the storage area, the processing may proceed to step
S702. In addition, in step S701, the upper controller 261 may determine whether or not a number of charge information
(i.e., a number of times of purchases) stored in the storage module 311 has reached a number (of upper limit) set in
advance.

[0628] In step S702, the upper controller 261 reads out a public key certificate of the content provider 2 included in
the content provider secure container in the mass storage section 266, and transmits the read out public key certificate
of the content provider 2 to the encryption processing section 301 in the electronic distribution only recording medium
251. Thus, in the encryption processing section 301 in the electronic distribution only recording medium 251, the control
section 310 verifies a signature of the public key certificate of the content provider 2 in the signature verification unit
324 in the encryption/decryption module 315, and if it is confirmed that the public key certificate has not been tampered
with as a result of the verification of the signature, takes out a public key of the content provider 2 included in the
public key certificate, and the processing proceeds to step S703.

[0629] In step S703, the upper controller 261 reads out key data of the contents included in the content provider
secure container in the mass storage section 266, and transmits the read out key data to the encryption processing
section 301 in the electronic distribution only recording medium 251. Thus, in the encryption processing section 301
in the electronic distribution only recording medium 251, the upper controller 261 verifies a signature of the key data
in the signature verification unit 324 in the encryption/decryption module 315, and if it is confirmed that the key data
has not been tampered with as a result of the verification of the signature, the processing proceeds to step S704.
[0630] In step S704, the upper controller 261 reads out a handling policy of the contents included in the content
provider secure container in the mass storage section 266, and transmits the read out handling policy to the encryption
processing section 301 in the electronic distribution only recording medium 251. Thus, in the encryption processing
section 301 in the electronic distribution only recording medium 251, the control section 310 verifies a signature of the
handling policy in the signature verification unit 324 in the encryption/decryption module 315, and if it is confirmed that
the handling policy has not been tampered with as a result of the verification of the signature, the processing proceeds to
step S705.

[0631] In step S705, the upper controller 261 reads out a public key certificate of the service provider 3 included in
the service provider secure container in the mass storage section 266, and forwards the read out public key certificate
of the service provider 3 to the encryption processing section 301 in the electronic distribution only recording medium
251. Thus, in the encryption processing section 301 in the electronic distribution only recording medium 251, the control
section 310 verifies a signature of the public key certificate of the service provider 3 in the signature verification unit
324 in the encryption/decryption module 315, and if it is confirmed that the key data has not been tampered with as a
result of the verification of the signature, the processing proceeds to step S706.

[0632] In step S706, the upper controller 261 reads out price information of the contents included in the service
provider secure container in the mass storage section 266, and transmits the read out price information to the encryption
processing section 301 in the electronic distribution only recording medium 251. Thus, in the encryption processing
section 301 in the electronic distribution only recording medium 251, the control section 310 verifies a signature of the
price information in the signature verification unit 324 in the encryption/decryption module 315, and if it is confirmed
that the handling policy has not been tampered with as a result of the verification of the signature, the processing
proceeds to step S707.

[0633] In step S707, the upper controller 261 displays information of purchasable contents in the displaying means
265, and when a user selects and designates desired contents via the inputting means 264, generates a purchase
command corresponding to the selected and designated contents, and sends it to the encryption processing section
301 in the electronic distribution only recording medium 251. Thus, the control section 310 of the encryption processing
section 301 generates charge information and license conditions information based on the handling policy (the handling
policy whose signature was verified in step S704) and the price information (the price information whose signature was
verified in step S706) in the purchase processing module 313, and the processing proceeds to step S708. Incidentally,
selection and designation of desired contents by a user via the inputting means 264 may be performed in advance
prior to the purchase processing.

[0634] In step S708, the control section 310 in the encryption processing section in the electronic distribution only
recording medium 251 saves the charge information (the charge information generated in step S707) in the storage
module 311, and in the subsequent step S709, forwards the license conditions information (the license conditions
information generated in step S707) to the external memory 303 via the external memory control section 302, thereby
writing the license conditions information in the external memory 303. In addition, the license conditions information
may be written in a tamper prevention region (as in the external memory of Figure 16) in the same manner as writing
the data described above in Figure 69. Incidentally, the license conditions information may be saved in the storage
module 311 of the encryption processing section 301 in the electronic distribution only recording medium 251.
[0635] In step S710, the control section 310 of the encryption processing section 301 in the electronic distribution
only recording medium 251 decrypts the encrypted individual key Kj included in the key data (the key data whose
signature was verified in the above-mentioned step S703) using the delivery key Kd (the delivery key Kd that was
confirmed effective in the above-mentioned step S700) in the decryption unit 320 of the encryption/decryption module
315.

[0636] Then, in the decryption unit 320, the control section 310 decrypts the encrypted content key Kco included in
the key data using the individual key Ki that was previously decrypted. Subsequently, the control section 310 gives the
decrypted content key Kco and the save key stored in the storage module 311 to the encryption unit 321, and
encrypts the content key using the save key Ksave in the encryption unit 321.

[0637] In step S711, the control section 310 of the encryption processing section 301 in the electronic distribution
only recording medium 251 forwards the content key encrypted by the save key in step S710 to the external
memory 303 via the external memory control section 302, and saves the encrypted content key in the external
memory 303, and the processing proceeds to step S712. In addition, the content key Kco encrypted by the save key
Ksave may be written in a tamper prevention region (as in the external memory of Figure 16) in the similar manner as
at the time of writing data described above in Figure 69. Incidentally, the content key encrypted by the save key
may be saved in the storage module 311 of the encryption processing section 301 in the electronic distribution
only recording medium 251.

[0638] In step S712, the upper controller 261 in the record reproduction apparatus 250 reads out the encrypted
contents included in the content provider secure container in the mass storage section 266, and forwards the read out
encrypted contents to the electronic distribution only recording medium 251, thereby storing the encrypted contents in
the external memory 303 in the electronic distribution only recording medium 251.

[0639] Incidentally, in the step S712, the upper controller 261 may save the handling policy whose signature was
verified in corresponding step S704 and the price information whose signature was verified in step S706 in the external
memory 303 together with the encrypted contents. In addition, the encrypted contents (or, the contents and the handling
policy as well as the price information) may not be saved in the external memory 303 in the step S712, and may be
saved in the external memory 303 in a step prior to the step S712.

[0640] In such purchase processing, if an effective period of the delivery key is expired in step S700, if the total
of charges of the charge information has reached the upper limit in step S701, if it is decided in step S702 that the
public key certificate of the content provider 2 is not correct, if it is decided in step S703 that the signature of the key
data is not correct, if it is decided in step S704 that the signature of the handling policy is not correct, if it is decided in
step S705 that the public key certificate of the service provider 3 is not correct, or if it is decided in step S706 that
the signature of the price information is not correct, the processing proceeds to step S713 in each case, where error
processing is executed. Incidentally, in such purchase processing, although a case in which a signature of contents is
not verified is shown, the signature of the contents may be verified in any of the steps prior to saving the contents in
the external memory 303.

[0641] Incidentally, if data is transmitted and received between the record reproduction apparatus 250 and the
electronic distribution only recording medium 251, a signature is attached to the data on the transmission side, and the
signature is verified on the receiving side.

[0642] As described above, the record reproduction apparatus 250 executes the purchase processing in the
electronic distribution only recording medium 251, thereby recording the contents encrypted by the content key Kco in the
external memory 303 of the electronic distribution only recording medium 251 and the content key encrypted by
the save key Ksave peculiar to the encryption processing section 301 of the electronic distribution only recording medium
251.

[0643] In addition, reproduction processing executed in the record reproduction apparatus 250 will be described with
reference to a flow chart shown in Figure 94. In step S720, the upper controller 261 in the record reproduction apparatus
250 forwards an ID of the contents that is instructed by a user via the inputting means 264 to be reproduced to the
encryption processing section 301 in the electronic distribution only recording medium 251.

[0644] In step S721, by forwarding an ID of the contents given from the upper controller 261 to the external memory
control section 302, the control section 310 of the encryption processing section 301 in the electronic distribution only
recording medium 251 reads out the encrypted content key Kco and license conditions information corresponding to
the ID from the external memory 303 via the external memory control section 302, and forwards the read out encrypted
content key to the decryption unit 320 of the encryption/decryption module 315, and at the same time, forwards
the license information to the control section 310. Further, the external memory control section 302 may perform tamper
check in the similar manner as at the time of reading out data described above for Figure 68 when reading out the
encrypted content key Kco and license conditions information from the external memory 303. Incidentally, in the
electronic distribution only recording medium 251, the encrypted content key and the license conditions information
may be held in the storage module 311 of the encryption processing section 301 and may be read out from the storage
module 311.

[0645] In addition to this, the control section 310 of the encryption processing section 301 retrieves charge information
in the storage module 311 based on an ID of the contents in step S722, and in the subsequent step S723, determines
whether or not there is charge information corresponding to the ID of the contents in the storage module 311, and if
the charge information corresponding to the ID has already been collected by the electronic distribution service center
1 and does not exist in the storage module 311, the processing proceeds to step S724.

[0646] In step S724, the control section 310 of the encryption processing section 301 updates the license conditions
information, if necessary. That is, if utilization right contents included in the license conditions information is, for
example, a number of times right, the control section 310 indicates to subtract the number of times of reproduction indicated
by the number of times right. Then, the encryption processing section 301 saves the updated license conditions
information in the external memory 303 via the external memory control section 302. At this point, the external memory
control section 302 may perform tamper check as at the time of rewriting data described above for Figure 70.
Incidentally, the license conditions information may be updated and saved in the storage module 311 of the encryption
processing section 301.

[0647] Subsequently, in step S725, the control section 310 of the encryption processing section 301 in the electronic
distribution only recording medium 251 performs mutual authentication with the encryption processing section 262 of
the record reproduction apparatus 250 using each other's mutual authentication modules 314 and 274, and shares the
temporary key Ktemp1, and the processing proceeds to step S726. Incidentally, since the mutual authentication
processing procedures were described above for Figure 51, their detailed description is omitted.

[0648] In step S726, the control section 310 of the encryption processing section 301 in the electronic distribution
only recording medium 251 decrypts the encrypted content key by the save key Ksave stored in the storage module
311 in the decryption unit 320, and forwards the decrypted content key to the encryption unit 321. Then, the control
section 310 encrypts the content key Kco in the encryption unit 321 using the temporary key Ktemp1 shared with the
mutual authentication module 274 in step S625, and the processing proceeds to step S727.

[0649] In step S727, the control section 310 of the encryption processing section 301 in the electronic distribution
only recording medium 251 transmits the content key encrypted by the temporary key Ktemp1 to the encryption
processing section 262 of the record reproduction apparatus 250.

[0650] In step S728, the control section 270 of the encryption processing section 262 in the record reproduction
apparatus 250 takes the encrypted content key transmitted from the electronic distribution only recording medium
251 into the decryption processing unit 280 of the encryption/decryption module 275, decrypts the encrypted
content key in the decryption unit 280 using the temporary key Ktemp1 shared with the mutual authentication module 314
in step S725, and forwards the decrypted content key to the encryption unit 281.

[0651] Then, in step S729, the control section 270 of the encryption processing section 262 in the record reproduction
apparatus 250 performs mutual authentication with the extension section 263 using each other's mutual authentication
modules 274 and 290, and shares the temporary key Ktemp2. Incidentally, since the mutual authentication processing
procedures were described above for Figure 51, their detailed description is omitted.

[0652] Thus, in step S730, the control section 270 of the encryption processing section 262 in the record reproduction
apparatus 250 encrypts the content key using the temporary key Ktemp2 shared with the extension section 263 by
the encryption unit 281, thereby forwarding the encrypted content key to the extension section 263 in the subsequent
step S731.

[0653] In step S732, the key decryption module 291 of the extension section 263 takes in the encrypted content key
given by the encryption processing section 262, decrypts the encrypted content key using the temporary key
Ktemp2 shared with the encryption processing section 262, and forwards the decrypted content key to the decryption
module 292.

[0654] In step S733, the decryption module 292 of the extension section 263 is at this point given the encrypted
contents read out from the external memory 303 in the electronic distribution only recording medium 251 by the upper
controller 261, decrypts the encrypted contents using the content key given by the key decryption module 291,
and forwards the decrypted contents to the extension module 293.

[0655] In step S734, the extension module 293 of the extension section 263 extends the contents given by the
decryption module 292 by a predetermined method such as ATRAC, and forwards the extended contents to the
electronic watermark addition module 294. In step S735, the electronic watermark module 294 of the extension section
263 inserts predetermined data such as an ID of the encryption processing section 301 of the electronic distribution
only recording medium 251 instructed by the control section 270 of the encryption processing section 262 in the form
of an electronic watermark in the extended contents given by the extension module 293.

[0656] Then, in step S736, by forwarding the contents obtained in the extension section 263 to, for example, a speaker
(not shown), the upper controller 261 of the record reproduction apparatus 250 generates music based on the contents
via the speaker. Thus, the record reproduction apparatus 250 can reproduce contents in this way.

[0657] Here, if charge information corresponding to the ID of the contents is stored in the storage module 311 in step
S723, the control section 310 of the encryption processing section 301 in the electronic distribution only recording
medium 251 refers to the reproduction limitation at the time when charge information is uncollected in step S737, and
determines whether or not the contents whose charge information is uncollected satisfy reproduction available
conditions.

[0658] Then, if the contents do not satisfy the reproduction available conditions (i.e., if the contents have already
been reproduced for the number of times defined in the reproduction limitation, or if a reproduction available period
has lapsed), the control section 310 of the encryption processing section 301 terminates this reproduction processing.
On the other hand, if the contents satisfy the reproduction available conditions (i.e., if the number of times of
reproduction of the contents is less than the number of times defined by the reproduction limitation), the processing proceeds
to step S724, where the control section 310 updates the license conditions information, if necessary. Incidentally, the
reproduction limitation to be used when charge information is uncollected may be held in the storage module 311 of the
encryption processing section 301 in the electronic distribution only recording medium 251 or the external memory
303, or may be stored in data of a handling policy or price information, or the like.

[0659] Incidentally, the electronic distribution only recording medium 251 may be provided in the home server 51 
described above for Figure 15 or the fixed apparatus 52. 

[0660] As described above, although, in the record reproduction apparatus 250, the contents encrypted by the content
key and the content key can be generated from the electronic distribution only recording medium 251 and the
contents encrypted by the content key can be decrypted by the content key Kco, until charge information is collected,
the content can be utilized in accordance with the reproduction limitation set in advance, and after the charge information
is collected, the content can be utilized in accordance with utilization right contents purchased by the purchase
processing.

[0661] In the above-mentioned configuration, the electronic music distribution system 10 is provided with the record
reproduction apparatus 250 to which the electronic distribution only recording medium 251 is detachably inserted as
an apparatus in the user home network 5, and when the contents encrypted by the content key Kco, the content key
encrypted by the individual key Ki and the individual key Ki encrypted by the delivery key Kd (i.e., a content provider
secure container and a service provider secure container) are transmitted from the service provider 3, controls the
electronic distribution only recording medium 251 by the record reproduction apparatus 250 to execute purchase
processing, records the contents encrypted by the content key in the electronic distribution only recording medium
251 in the external memory 303, and at the same time, decrypts the individual key Ki encrypted by the delivery key
by the delivery key, decrypts the content key encrypted by the individual key Ki by the individual key Ki, and
encrypts the decrypted content key Kco by the save key Ksave peculiar to the electronic distribution only recording
medium 251 to record in the external memory 303. Incidentally, in the electronic distribution only recording medium
251, the save key is saved in the storage module 311 of the encryption processing section 301 having tamper
resistant feature in the electronic distribution only recording medium 251.

[0662] In addition, by controlling the electronic distribution only recording medium 251 at the time of reproduction
processing, the record reproduction apparatus 250 reads out the contents encrypted by the content key and the
content key encrypted by the save key from the external memory 303, decrypts the content key encrypted
by the save key Ksave by the save key Ksave, thereby taking out the contents encrypted by the content key and the
decrypted content key in the electronic distribution only recording medium 251. Then, the record reproduction
apparatus 250 decrypts the contents encrypted by the content key using the content key using the encryption
processing section 262 and the extension section 263.

[0663] Therefore, in the electronic music distribution system 10, although the contents encrypted by the content key
and the content key encrypted by the save key Ksave are recorded in the external memory 303 by the record
reproduction apparatus 250 in the electronic distribution only recording medium 251, since the contents encrypted by
the content key Kco and the decrypted content key are read out from the electronic distribution only recording
medium 251, it is not necessary to save a save key peculiar to the encryption processing section 262 in the record
reproduction apparatus 250. Thus, in the electronic music distribution system 10, since other apparatuses different
from the record reproduction apparatus 250 in which the electronic distribution only recording medium 251 records
contents can reproduce the contents using the electronic distribution only recording medium 251 if the apparatuses
have the encryption processing section 262 and the extension section 263 similar to those of the record reproduction
apparatus 250, generality of the electronic distribution only recording medium 251 can be dramatically improved.

[0664] In addition, in the electronic distribution only recording medium 251, even if contents or a content key is
illegally read out from the external memory 303, by holding the save key Ksave used in encrypting the content key
for decrypting contents in the storage module 311 in the encryption processing section 301 having tamper resistant
feature, the save key Ksave can be prevented from being illegally read out, thereby making it possible to prevent the contents
from being illegally utilized.
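
The key handling of steps S710 to S712 and S725 to S733 can be followed in code. The Python sketch below is an added illustration, not part of the patent text: the class and function names are hypothetical, the HMAC-SHA256 keystream with an integrity tag is a stand-in for the encryption units, and freshly generated random keys stand in for the temporary keys that mutual authentication would share.

```python
import hashlib
import hmac
import secrets


def _derive(key: bytes, label: bytes) -> bytes:
    # Separate sub-keys for encryption and integrity (assumption of this sketch).
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream; stand-in cipher, not the patent's.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt `plaintext` under `key`; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_derive(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_derive(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Reverse of wrap(); raises ValueError on a wrong key or a modified blob."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_derive(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified blob")
    return _xor_stream(_derive(key, b"enc"), nonce, body)


def provider_package(delivery_key: bytes, content: bytes):
    """Constructed sample input: Ki under Kd, Kco under Ki, contents under Kco."""
    k_i, k_co = secrets.token_bytes(32), secrets.token_bytes(32)
    return wrap(delivery_key, k_i), wrap(k_i, k_co), wrap(k_co, content), k_co


class RecordingMedium:
    """Sketch of the electronic distribution only recording medium 251."""

    def __init__(self, delivery_key: bytes):
        self._k_d = delivery_key                # held in storage module 311
        self._k_save = secrets.token_bytes(32)  # save key Ksave, never exported
        self.external_memory = {}               # external memory 303, readable by anyone

    def purchase(self, content_id, ki_under_kd, kco_under_ki, encrypted_content):
        k_i = unwrap(self._k_d, ki_under_kd)    # S710: Kd recovers Ki
        k_co = unwrap(k_i, kco_under_ki)        # S710: Ki recovers Kco
        self.external_memory[content_id] = {
            "kco_under_ksave": wrap(self._k_save, k_co),  # S710/S711
            "content": encrypted_content,                 # S712
        }

    def release_content_key(self, content_id, k_temp1: bytes) -> bytes:
        entry = self.external_memory[content_id]
        k_co = unwrap(self._k_save, entry["kco_under_ksave"])  # S726
        return wrap(k_temp1, k_co)                             # S726/S727


class Player:
    """Sketch of a record reproduction apparatus 250; it holds no save key."""

    def reproduce(self, medium: RecordingMedium, content_id) -> bytes:
        k_temp1 = secrets.token_bytes(32)  # stand-in for mutual authentication (S725)
        k_co = unwrap(k_temp1, medium.release_content_key(content_id, k_temp1))  # S728
        k_temp2 = secrets.token_bytes(32)  # stand-in for mutual authentication (S729)
        to_extension = wrap(k_temp2, k_co)               # S730/S731
        k_co_in_extension = unwrap(k_temp2, to_extension)  # S732
        encrypted = medium.external_memory[content_id]["content"]
        return unwrap(k_co_in_extension, encrypted)      # S733


if __name__ == "__main__":
    k_d = secrets.token_bytes(32)
    ki_w, kco_w, enc, _ = provider_package(k_d, b"constructed sample audio frame")
    medium = RecordingMedium(k_d)
    medium.purchase("C-001", ki_w, kco_w, enc)
    print(Player().reproduce(medium, "C-001"))
```

Because the save key stays inside RecordingMedium, any Player instance can reproduce the contents, while a modified wrapped key in external_memory is rejected by unwrap().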

[0665] Moreover, in the electronic music distribution system 10, due to the increased generality of the electronic
distribution only recording medium 251, until charge information for contents recorded in the electronic distribution only
recording medium 251 is collected, by limiting utilization of the contents (limiting a number of times and a period of reproduction
and copying), illegal utilization of the contents can be prevented while the charge information is uncollected.

[0666] According to the above-mentioned configuration, a save key peculiar to the electronic distribution only
recording medium 251 detachably inserted in the record reproduction apparatus 250 is held in the electronic distribution
only recording medium 251, the record reproduction apparatus 250 transmits the contents encrypted by the content
key Kco, the content key encrypted by the individual key Ki, and the individual key Ki encrypted by the delivery key
Kd to the electronic distribution only recording medium 251 at the time of purchase processing, and in the electronic
distribution only recording medium 251, after recording the contents encrypted by the content key in the external
memory 303 and decrypting the encrypted individual key Ki by the delivery key Kd, decrypts the encrypted content key
Kco by the individual key Ki, encrypts the obtained content key by the save key Ksave to record in the external
memory 303, and takes out the contents encrypted by the content key and the content key decrypted by the
save key Ksave from the electronic distribution only recording medium 251 at the time of reproduction processing to
decrypt the contents, thereby enabling reproduction of the contents from the electronic distribution only recording
medium 251 even if the electronic distribution only recording medium 251 is inserted in another record reproduction
apparatus 250 different from the record reproduction apparatus 250 used for recording the contents, thus an electronic
music distribution system that can dramatically increase generality of the electronic distribution only recording medium
251 can be realized.

[0667] Incidentally, in such an electronic music distribution system 10, the delivery key is not held in the electronic
distribution only recording medium 251, or the delivery key is not used even if it is held, and after decrypting the
content key encrypted by the individual key Ki by the individual key Ki at the time of recording contents by the
record reproduction apparatus 250, the content key may be encrypted using the temporary key mutually
authenticated and shared with the electronic distribution only recording medium 251, and the content key encrypted
by the temporary key Ktemp may be transmitted to the electronic distribution only recording medium 251 together with
the contents encrypted by the content key Kco.

[0668] In addition, although the content provider 2 is applied as an information transmission apparatus in the present 
invention, the content provider 2 and the service provider 3 may be applied as the information transmission apparatus. 

(8) Proxy processing of charge information and managed transfer processing of a utilization right

[0669] The electronic distribution only recording medium 251 described above for Figure 92, for example, when
inserted in the home server 51 that is a management apparatus in the user home network 5 that is the data management
system described above for Figure 15 as an apparatus to be connected to the electronic distribution service center 1,
can transmit charge information held in the storage module 311 of the encryption processing section 301 to the home
server 51, thus can cause the electronic distribution service center 1 to collect the charge information from the home
server 51.

[0670] Thus, in the electronic distribution only recording medium 251, although, when holding charge information,
for preventing illegal utilization of contents, a utilization right of the contents (a right for reproducing the contents) cannot
be transferred to another apparatus (transfer with limitation, managed transfer) together with the contents, or deleted
(deletion cannot be executed unless the charge processing is completed), when transmitting the charge information
to the home server 51 in this way, the utilization right of the contents can be transferred to another apparatus (transfer
with limitation, managed transfer) together with the contents corresponding to the charge information in accordance
with the transfer processing procedures of the managed transfer right described above for Figure 82.

[0671] Incidentally, when a utilization right of contents is transferred to another apparatus together with the contents
from the electronic distribution only recording medium 251, an apparatus having obtained the contents and their
utilization right can return the contents and their utilization right only to the electronic distribution only recording medium
251, if necessary. However, since the electronic distribution only recording medium 251 can be carried freely, it is
sometimes difficult to easily return the contents and their utilization right from another apparatus.

[0672] Therefore, for example, the home server 51 (Figure 15) as an apparatus in the user home network 5 connected
to the electronic distribution service center 1, when taking in charge information held in the electronic distribution only
recording medium 251, takes in corresponding contents and their utilization right altogether from the electronic
distribution only recording medium 251, and manages the taken in contents and their utilization right on behalf of the
electronic distribution only recording medium 251.

[0673] Actually, proxy processing of charge information executed in the home server 51 and transfer (transfer with
limitation, managed transfer) of a right (utilization right) for reproducing contents will be described with reference to a
flow chart shown in Figure 95. In step S740, the electronic distribution only recording medium 251 is inserted in the
home server 51, and when a user inputs an execution instruction of proxy processing of charge information and transfer
processing of a utilization right via the inputting means 63 in this state, with the upper controller 62 controlling the home
server 51 and the electronic distribution only recording medium 251, the control section 91 of the encryption processing
section 65 in the home server 51 mutually authenticates with the encryption processing section 301 in the electronic
distribution only recording medium 251 using each other's mutual authentication modules 95 and 314 and shares the
temporary key Ktemp.

[0674] Then, in step S741, the control section 310 of the encryption processing section 301 in the electronic
distribution only recording medium 251 forwards the charge information held in the storage module 311 to the encryption
unit 321 in the encryption/decryption module 315, encrypts the charge information by the temporary key in the
encryption unit 321, and forwards the encrypted charge information to the signature generation unit 323.

[0675] In addition, the control section 310 of the encryption processing section 301 reads out an ID of a content provider, an
ID of a handling policy and a handling policy corresponding to a version of the handling policy included in the charge
information, and an ID of a service provider, an ID of price information and price information corresponding to a version
of the price information from the external memory 303 via the external memory control section 302, and forwards the
read out handling policy and price information to the signature generation unit 323. Thus, the control section 310 of
the encryption processing section 301 attaches signatures to the charge information and the handling policy encrypted
by the temporary key Ktemp as well as the entire price information (or individually) in the signature generation unit 323, and
transmits the charge information and the handling policy as well as the price information to which the signatures are
attached to the upper controller 62 of the home server 51 via the communication section 300.

[0676] Incidentally, in the electronic distribution only recording medium 251, since a third party illegally obtains profit
if charge information is tampered with during transmission, a signature is always attached to the charge information and
whether or not tampering has occurred is checked. In addition, since there is no specific hindrance even if contents of the
charge information are seen, the charge information may be sent without encryption. In the home server 51, proxy
processing of charge information and transfer processing of a utilization right can be executed without using a handling
policy and price information. Therefore, in the electronic distribution only recording medium 251, the handling policy
and the price information may be transmitted to the home server 51, if necessary.

[0677] In step S742, the upper controller 62 of the home server 51 forwards the charge information and the handling
policy as well as the price information transmitted from the electronic distribution only recording medium 251 to the
control section 91 of the encryption processing section 65. Thus, the control section 91 verifies the signatures attached
to the charge information and the handling policy as well as the price information in the signature verification unit 115
in the encryption/decryption module 96, and if these are not tampered with, decrypts the charge information encrypted by
the temporary key Ktemp by the temporary key Ktemp.

[0678] Then, in step S743, the control section 310 of the encryption processing section 301 in the electronic
distribution only recording medium 251 retrieves an ID of contents indicated by the charge information (the charge
information transmitted to the home server 51 in step S741, which remains as it is unless deleted in the storage module
311) held in the storage module 311 at this point in step S742, and reads out all corresponding license conditions
information and contents encrypted by the content key from the external memory 303 via the external memory
control section 302 based on the retrieved ID of the contents.

[0679] By forwarding the read out content key to the decryption unit 320 of the encryption/decryption module
315, the control section 310 of the encryption processing section 301 decrypts the content key encrypted by the
save key Ksave by the save key Ksave held in the storage module 311 in the decryption unit 320, and then encrypts the
decrypted content key by the temporary key Ktemp in the encryption unit 321. Then, after attaching signatures to
the content key together with the license conditions information and the encrypted contents read out from the
external memory 303 in the signature generation unit 323, the control section 310 transmits them to the home server
51 via the communication section 300. Incidentally, signatures may be attached to the license conditions information,
the contents and the content key individually, or may be attached to the entirety of the license conditions information,
the contents and the content key Kco. Moreover, a signature may be attached to contents.

[0680] Subsequently, in step S744, the control section 91 of the encryption processing section 65 in the home server
51 takes in the license conditions information and the encrypted contents transmitted from the electronic distribution
only recording medium 251 as well as the content key encrypted by the temporary key Ktemp via the upper controller
62, and after verifying the signatures attached to the license conditions information and the encrypted contents as well
as the content key encrypted by the temporary key Ktemp in the signature verification unit 115, if these are not
tampered with, decrypts the content key encrypted by the temporary key Ktemp by the temporary key Ktemp.

[0681] Thus, in step S745, the upper controller 62 in the home server 51 saves in the mass storage section 68 the
contents encrypted by the content key obtained from the encryption processing section 65 (the contents whose
signature was verified in step S744) and the handling policy and the price information obtained if necessary (the
handling policy and the price information whose signatures were verified in step S742). Incidentally, in step S745, recording
processing in the mass storage section 68 to be executed may be executed immediately after data is transmitted in
steps S741 and S743.

[0682] In addition, in step S746, the control section 91 of the encryption processing section 65 in the home server
51 saves the charge information (the charge information whose signature was verified in step S742) in the storage
module 92, and at the same time, changes the ID of the encryption section (the ID of the encryption section of the
apparatus that applied purchase processing to the contents) stored in the license conditions information (the license
conditions information whose signature was verified in step S744) to its own ID (i.e., the ID of the encryption processing
section 65 in the home server 51) to update the license conditions information.

[0683] Then, in step S747, the control section 91 of the encryption processing section 65 in the home server 51
encrypts the content key Kco (the content key decrypted in step S744) by the save key held in the storage
module 92 in the encryption unit 112 in the encryption/decryption module 96, and saves the license conditions
information (the license conditions information updated in step S746) in the external memory 67 together with the encrypted
content key via the external memory control section 97. Incidentally, since the tamper check upon writing data in
the external memory 67 is executed in the similar manner as in the processing procedures described above for Figure
69, its description is omitted.

[0684] Then, in step S748, the control section 91 of the encryption processing section 65 in the home server 51 saves the charge information, the encrypted contents, the content key K_co, the license conditions information, the handling policy and the price information transmitted from the electronic distribution only recording medium 251 respectively in this way, and transmits processing completion data indicating that the proxy processing of the charge information and the transfer of the utilization right have been completed to the electronic distribution only recording medium 251 via the upper controller 62.

[0685] Thus, in step S749, when receiving the processing completion data transmitted from the home server 51, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 deletes the contents encrypted by the content key K_co, the content key encrypted by the save key K_save, the license conditions information (i.e., the license conditions information transmitted to the home server 51 in step S743), and the handling policy and the price information (i.e., those transmitted to the home server 51 in step S742), if necessary, in the external memory 303 respectively via the external memory control section 302. Incidentally, since the tamper check at the time of deleting data in the external memory 303 is executed in the same manner as in the processing procedures described above for Figure 71, its description is omitted.

[0686] In addition to this, in step S750, the control section 310 of the encryption processing section 301 in the electronic distribution only recording medium 251 deletes the charge information (i.e., the charge information transmitted to the home server 51 in step S741) in the storage module 311, thereby completing the processing procedures.

[0687] As described above, in the electronic distribution only recording medium 251, by transmitting the charge information held in the storage module 311 in the encryption processing section 301 to the home server 51 together with the corresponding contents and the content key K_co, as well as the license conditions information to the home server 51, and at this point, deleting the charge information, the contents, the content key K_co, and the license conditions information transmitted to the home server 51 from the inside storage module 311 and the external memory 303, the contents are managed by the home server 51.

[0688] Then, in the home server 51, when the contents were taken in from the electronic distribution only recording medium 251, since the ID of the encryption processing section of the license conditions information taken in together with the contents was changed and the home server 51 itself was made an owner of the contents, the contents can be transferred to another apparatus in accordance with the transfer processing procedures of the managed transfer right described above for Figure 82, and the contents returned from each apparatus can be taken in accordance with the return processing procedures of the managed transfer right described above for Figure 83.

[0689] In the above-mentioned configuration, the electronic music distribution system 10 causes the electronic distribution only recording medium 251 to execute purchase processing using the record reproduction apparatus 250 that is a recording apparatus, and causes the electronic distribution only recording medium 251 to hold a right for reproducing contents, license conditions information and charge information together with the contents. Then, in order to cause the electronic distribution service center 1 to collect the charge information held by the electronic distribution only recording medium 251, when the electronic distribution only recording medium 251 is inserted in the home server 51 in the user home network 5, the home server 51 takes in the charge information held in the electronic distribution only recording medium 251 together with the corresponding contents, utilization right and license conditions information to manage the contents instead of the electronic distribution only recording medium 251.

[0690] Therefore, in the electronic music distribution system 10, contents of which the home server 51 takes up management from the electronic distribution only recording medium 251 in the user home network 5 and its utilization right can be managed and transferred to another apparatus, recording medium or electronic distribution recording medium 251, and at the same time, these apparatuses, recording medium and electronic distribution only recording medium 251 can return the contents to the home server 51, thus the contents obtained by purchase processing in the electronic distribution only recording medium 251 can be easily utilized for another apparatus, recording medium and the electronic distribution only recording medium 251 in the user home network 5 under the management of the home server 51.

[0691] In addition, in the electronic distribution only recording medium 251, since limitation is attached to a purchased utilization right if charge information is held, the charge information needs to be collected by the home server 51 connected to the electronic distribution service center 1. Then, in the electronic distribution only recording medium 251, if management of the corresponding contents is transferred to the home server 51, free regions are easily secured in the external memory 302, thus unnecessary deletion of already held contents can be prevented in the purchase processing of contents.

[0692] Moreover, in the user home network 5, since the contents to which purchase processing is applied and which are obtained in the electronic distribution only recording medium 251 are stored and managed in this way by the home server 51, contents more than the volume that can be held in the electronic distribution only recording medium 251 (i.e., depending on a storage volume of the external memory 303) can be easily owned.

[0693] According to the above-mentioned configuration, by moving the contents to which purchase processing is applied and which are held in the electronic distribution only recording medium 251 using the record reproduction apparatus to the home server 51 in the user home network 5 together with their charge information, and managing and concurrently storing the contents in the home server 51, the contents whose management is taken up from the electronic distribution only recording medium 251 can be managed and transferred to another apparatus, recording medium or electronic distribution only recording medium 251 in the user home network 5, thus an electronic music distribution system in which the contents recorded in the electronic distribution only recording medium 251 can be easily utilized by various kinds of apparatuses such as another apparatus and recording medium in the user home network 5 can be realized.

(9) Online charge purchase processing

[0694] In such an electronic music distribution system 10, a system can be constructed by connecting online the electronic distribution service center 1 that is an information control apparatus and the service provider 3 that is an information transmission apparatus via a network, and at the same time, connecting online the service provider 3 and the home network 5 (actually, the home server 51 that is an information receiving apparatus).

[0695] A flow of data through the entire electronic music distribution system 10, when constructed, is shown in Figure 96. Since the transmission of data from the content provider 2 to the service provider 3, and the transmission of data from the service provider 3 to the user home network 5 are similar to the data flow described above for Figure 20, their detailed descriptions are omitted.

[0696] The user home network 5 (the home server 51) encrypts charge information, attaches a signature to the encrypted charge information, and transmits it to the electronic distribution service center 1 via the service provider 3. Incidentally, although information required in the electronic distribution service center 1 such as information required for settlement is included in the handling policy and the price information used for purchase processing, since such various kinds of information are also included in the charge information, the user home network 5 (the home server 51) is made not to transmit handling policy and price information to the electronic distribution service center 1 at the time of purchase processing.

[0697] In addition, update of a delivery key K_d and registration information (not shown) is also performed between the electronic distribution service center 1 and the user home network 5 via the service provider 3. Thus, the user home network 5 does not need to switch a communication route to be used in communicating data with the service provider 3 and the electronic distribution service center 1 and can reduce processing of a communication section compared with the example of an establishment of a system described for Figure 1.

[0698] Incidentally, in the case in which transmission and reception of data are performed between the user home network 5 (the home server 51) and the electronic distribution service center 1, the service provider 3 is used as a communication route between the user home network 5 (the home server 51) and the electronic distribution service center 1, and the data cannot be tampered with.

[0699] Here, in the home server 51 in the user home network 5, in some cases, charge information generated by purchase processing is saved in the storage module 92 in the encryption processing section 65 and the saved charge information (which may be a plurality of pieces) is transmitted to the electronic distribution service center 1 altogether at a predetermined timing, and in other cases, the generated charge information is transmitted to the electronic distribution service center 1 while performing purchase processing. Incidentally, in some cases, in online charge purchase processing for transmitting the generated charge information to the electronic distribution service center 1 while performing purchase processing, whether or not to execute the online charge purchase processing is described in the handling policy or the price information.

[0700] The online charge purchase processing to be executed in the home server 51 will be described with reference to a flow chart shown in Figure 97. In step S760, the control section 91 of the encryption processing section 65 in the home server 51 decides an effective period (version) of the delivery key stored in the storage module 92 under the control of the upper controller 62, and if the delivery key K_d is effective, the processing proceeds to step S761.

[0701] In step S761, the control section 91 of the encryption processing section 65 determines whether or not a total of charges of the charge information stored in the storage module 92 has reached an upper limit set in advance, and if the total of the charges has not reached the upper limit, the processing proceeds to step S762. Incidentally, since the charge information is not saved in the storage module 92 if the charge information generated at this point is transmitted to the electronic distribution service center 1 while performing purchase processing, the control section 91 of the encryption processing section 65 does not execute the processing of step S761, and the processing proceeds to step S762.

[0702] Since steps S762 through S766 execute processing similar to steps S162 through S169 described above for Figure 67, respectively, their detailed descriptions are omitted. In step S767, the upper controller 62 of the home server 51 displays information (e.g., a purchasable utilization form, price or the like) of purchasable contents using the displaying means 64, thus, a user can select a purchase item using the inputting means 63. Then, a signal inputted from the inputting means 63 is forwarded to the upper controller 62 of the home server 51, and the upper controller 62 generates a purchase command based on the signal and forwards the purchase command to the control section 91 of the encryption processing section 65. Incidentally, such input processing may be performed at the start of online charge purchase processing.

[0703] When the purchase command is given by the upper controller 62, the control section 91 of the encryption processing section 65 generates charge information and license conditions information based on the handling policy whose signature was verified in step S764 and the price information whose signature was verified in step S766. Incidentally, at this point, the control section 91 generates charge information and license conditions information using a RAM (Random Access Memory) for executing data processing provided in the encryption processing section 65, and holds the generated charge information and the license conditions information in the RAM as they are.

[0704] Then, in step S768, the control section 91 of the encryption processing section 65 in the home server 51 mutually authenticates with the mutual authentication section 17 of the electronic distribution service center 1 using the mutual authentication module 95, and shares the temporary key with the electronic distribution service center 1.

[0705] Subsequently, in step S769, after encrypting the charge information by the temporary key K_temp using the encryption unit 112 of the encryption/decryption module 96, the control section 91 of the encryption processing section 65 in the home server 51 attaches a signature using the signature generation unit 114, and transmits the charge information to the electronic distribution service center 1 via the service provider 3. Incidentally, the home server 51 encrypts the charge information by the temporary key K_temp prior to the transmission to the electronic distribution service center 1. This is for the purpose of protecting privacy of a user purchasing the contents. In addition, the home server 51 sometimes transmits unencrypted charge information to the electronic distribution service center 1 with a signature attached.

[0706] In step S770, when receiving the charge information encrypted by the temporary key transmitted from the home server 51, the electronic distribution service center 1 verifies a signature attached to the charge information, and if it has not been tampered with, decrypts the charge information encrypted by the temporary key K_temp using the temporary key shared with the home server 51, thereby storing the decrypted charge information in the history data management section 15.

[0707] Then, in step S771, upon saving the charge information in this way, the electronic distribution service center 1 generates receipt data indicating that the charge information is received, attaches a signature to the generated receipt data, and transmits the data to the home server 51 via the service provider 3. Thus, the control section 91 of the encryption processing section 65 in the home server 51 takes in the receipt data transmitted from the electronic distribution service center 1 sequentially via the communication section 61 and the upper controller 62, verifies a signature attached to the receipt data by the signature verification unit 115, and if the receipt data has not been tampered with, deletes the charge information held in the RAM, and the processing proceeds to step S772.

[0708] Since steps S772 through S774 sequentially execute processing similar to steps S172 through S174 described above for Figure 67, their detailed description is omitted. Incidentally, steps S772 through S774 may be executed in any order. In addition, since registration information update processing executed in step S775 is similar to the registration information update processing described above for Figures 61 and 62, its detailed description is omitted. Moreover, since step S776 executes error processing in the same manner as in step S176 described above for Figure 67, its detailed description is omitted. Incidentally, in such online charge purchase processing, contents, a handling policy and price information encrypted by the content key are held in the external memory 67 via the external memory control section 97 in any of the steps after signatures attached to these are verified.

[0709] Further, in step S770, when determining that illegal data exists due to tampering of charge information, or the like as a result of verifying a signature of the charge information, the electronic distribution service center 1 does not save the charge information in a history data management section. Then, in step S771, the electronic distribution service center 1 generates receipt rejection data indicating that the charge information is not received because it is illegal data, and transmits the data to the home server 51 via the service provider 3. At this point, when the receipt rejection data transmitted from the electronic distribution service center 1 is received by the communication section 61, the upper controller 62 of the home server 51 causes the control section 91 of the encryption processing section 65 to terminate purchase processing based on the receipt rejection data, and at the same time, notifies a user via the displaying means 64 that contents the user is trying to purchase cannot be purchased.
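
The exchange of steps S768 through S771, including the rejection path of paragraph [0709], can be traced in a short model; this is an added Python example, not part of the patent text. HMAC-SHA256 stands in for the signature scheme and a SHA-256 counter keystream for the cipher, and the class names, message fields, the digest carried in the reply and the sample charge record are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample charge record; the field names are assumptions.
SAMPLE_CHARGE = {"content_id": "CONSTRUCTED-0001", "right": "reproduction", "price": 300}


def keystream_xor(key, nonce, data):
    """Toy cipher standing in for encryption by the temporary key K_temp."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sign(key, payload):
    """HMAC-SHA256 standing in for the signature generation unit."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def verify(key, payload, sig):
    return hmac.compare_digest(sign(key, payload), sig)


class ServiceCenter:
    """Electronic distribution service center 1, steps S770 and S771."""

    def __init__(self, k_temp, home_key, center_key):
        self.k_temp, self.home_key, self.center_key = k_temp, home_key, center_key
        self.history = []  # models the history data management section 15

    def receive_charge(self, msg):
        signed = msg["nonce"] + msg["ciphertext"]
        if verify(self.home_key, signed, msg["sig"]):
            # Signature first, decryption second: only verified data is decrypted.
            plain = keystream_xor(self.k_temp, msg["nonce"], msg["ciphertext"])
            self.history.append(json.loads(plain))
            status = "receipt"
        else:
            status = "receipt_rejection"  # neither decrypted nor saved
        # Binding the reply to a digest of what was received is an assumption.
        digest = hashlib.sha256(signed).hexdigest()
        body = json.dumps({"status": status, "charge_digest": digest}).encode()
        return {"body": body, "sig": sign(self.center_key, body)}


class HomeServer:
    """Encryption processing section 65 of the home server 51, steps S769 to S771."""

    def __init__(self, k_temp, home_key, center_key):
        self.k_temp, self.home_key, self.center_key = k_temp, home_key, center_key
        self.ram_charge = None

    def purchase(self, charge, route):
        self.ram_charge = charge  # held in RAM, not in the storage module
        nonce = secrets.token_bytes(16)
        ciphertext = keystream_xor(self.k_temp, nonce, json.dumps(charge).encode())
        msg = {"nonce": nonce, "ciphertext": ciphertext,
               "sig": sign(self.home_key, nonce + ciphertext)}
        reply = route(msg)  # the service provider 3 is only a relay
        # Treating an unverifiable reply as a failure is an assumption.
        if not verify(self.center_key, reply["body"], reply["sig"]):
            return "terminated: reply signature invalid"
        answer = json.loads(reply["body"])
        expected = hashlib.sha256(nonce + ciphertext).hexdigest()
        if answer["status"] != "receipt" or answer["charge_digest"] != expected:
            return "terminated: receipt rejection"
        self.ram_charge = None  # deleted only after a verified receipt
        return "purchased"


def run_scenario(relay_kind):
    """Run one purchase through an honest or a tampering relay."""
    k_temp, home_key, center_key = (secrets.token_bytes(32) for _ in range(3))
    center = ServiceCenter(k_temp, home_key, center_key)
    home = HomeServer(k_temp, home_key, center_key)

    def route(msg):
        if relay_kind != "honest":  # charge information altered in transit
            flipped = bytes([msg["ciphertext"][0] ^ 0x01]) + msg["ciphertext"][1:]
            msg = dict(msg, ciphertext=flipped)
        reply = center.receive_charge(msg)
        if relay_kind == "forged_receipt":  # rejection rewritten into a receipt
            body = reply["body"].replace(b"receipt_rejection", b"receipt")
            reply = dict(reply, body=body)
        return reply

    status = home.purchase(SAMPLE_CHARGE, route)
    return status, len(center.history), home.ram_charge is None


if __name__ == "__main__":
    for kind in ("honest", "tampered_charge", "forged_receipt"):
        print(kind, run_scenario(kind))
```
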

[0710] As described above, in the online charge purchase processing executed in the home server 51, contents can be purchased only when the electronic distribution service center 1 permits purchase processing during the purchase processing. Further, although the electronic distribution service center 1 transmits receipt data and receipt rejection data as they are in this embodiment, the data may be transmitted with a signature added after the data is encrypted by the temporary key K_temp, and in the home server 51, after verifying the signature attached to the encrypted receipt data and receipt rejection data, the encrypted receipt data and receipt rejection data are decrypted by the temporary key K_temp, and whether or not the charge information has been collected may be confirmed based on the decrypted receipt data and receipt rejection data.

[0711] In the above-described configuration, in the electronic music distribution system 10, if online charge purchase processing is executed in the home server 51, the electronic distribution service center 1 receives charge information transmitted from the home server 51 during the purchase processing, determines whether or not the charge information is illegal data by verifying a signature attached to the charge information, and when it is determined that the charge information is legal data as a result (i.e., when the home server 51 receives receipt data), causes the home server 51 to execute purchase processing continuously and purchase contents.

[0712] On the other hand, in the electronic music distribution system 10, when the electronic distribution service center 1 determines that charge information is illegal data during purchase processing executed in the home server 51 (i.e., when the home server 51 receives receipt rejection data), the electronic distribution service center 1 causes the home server 51 to terminate the purchase processing and prohibits purchasing contents.

[0713] Therefore, in the electronic music distribution system 10, even if charge information transmitted from the home server 51 to the electronic distribution service center 1 is tampered with (charge information is tampered with outside the encryption processing section 65, or on a communication route between the home server 51 and the electronic distribution service center 1) so that, for example, the contents to be purchased are changed to other contents, or a utilization right of contents is changed to other utilization rights, these illegal contents and illegal utilization right can be prevented from being purchased.

[0714] In addition, even if charge information transmitted from the home server 51 to the electronic distribution service center 1 is tampered with, or price of contents, or a distributed party of profit from purchase of contents is changed, purchasing the contents for an illegal price or a third party's gaining illegal profit can be prevented.

[0715] According to the above-described configuration, by connecting online the electronic distribution service center 1 and the user home network 5, transmitting charge information generated at this time to the electronic distribution service center 1 while the home server 51 executes purchase processing, determining whether or not the charge information is legal data by the electronic distribution service center 1, and when it is determined that the charge information is illegal data, causing the home server 51 to terminate the purchase processing to prevent the contents from being bought, illegal purchase of the contents and their utilization right due to tampering of the charge information can be prevented, thus an electronic music distribution system that can prevent contents from being illegally utilized can be realized.

[0716] Incidentally, although the electronic distribution service center 1 determines whether or not to permit purchase of contents based on charge information transmitted from the home server 51, utilization permission data describing contents that a user tries to purchase or a utilization right is transmitted from the home server 51 like license conditions information, and the electronic distribution service center 1 may determine whether or not to permit purchase or utilization of the contents based on the utilization permission data.

(10) Configuration of an information provision apparatus 

[0717] In Figure 98 in which parts corresponding to Figure 1 are shown by identical symbols, the electronic music distribution system 10 with such a configuration is provided with an information provision apparatus 330. The information provision apparatus 330 is composed of a hosting server 331 holding an encrypted multiplicity of contents supplied from the content provider 2 and an information provision terminal (hereinafter referred to as a KIOSK terminal) 332 set in, for example, a simple retailing shop (i.e., KIOSK).

[0718] In the KIOSK terminal 332, a recording medium 333 that is a recording medium consisting of, for example, an MD (trademark) or an electronic distribution only recording medium 334 described above for Figure 17 can be inserted detachably. The KIOSK terminal 332 holds price information prepared on an information provider side that manages the KIOSK terminal 332, reads out contents desired by a customer who is an information user from the hosting server 331 via a private cable or a satellite communication, and, by executing purchase processing as the home server 51 in the user home network 5 does, records the contents desired by the customer in a recording medium 333 the customer has or an electronic distribution only recording medium 334.

[0719] Incidentally, the KIOSK terminal 332 receives a public key certificate, a delivery key K_d, registration information or the like transmitted from the electronic distribution service center 1, and in return transmits charge information, license conditions information, or the like according to a utilization right of contents to the electronic distribution only recording medium 334. Thus, the electronic distribution service center 1 performs processing of profit distribution on the content provider 2, an information supplier (the service provider 3 in Figure 1) or the like based on the charge information given by the KIOSK terminal 332. In addition, the electronic distribution only recording medium 334 sometimes performs purchase processing in the electronic distribution only recording medium 334 when purchasing a utilization right from the KIOSK terminal 332, in which case, it is necessary to transmit the charge information to the electronic distribution service center 1 via an apparatus in the user home network 5.

[0720] Here, Figure 99 shows a configuration of the hosting server 331. The hosting server 331 is composed of a communication section 340, a control section 341 and a server 342. The communication section 340 communicates with the content provider 2 and the KIOSK terminal 332, and transmits and receives predetermined information. When a content provider secure container is transmitted from the content provider 2 by controlling the communication section 340 and the server 342, the control section 341 holds encrypted contents included in the content provider secure container in the server 342, and at the same time, transmits key data, a handling policy or the like included in the content provider secure container to the KIOSK terminal 332 via the communication section 340.

[0721] In addition, when given a read out request command from the KIOSK terminal 332, the control section 341 reads out corresponding contents from the server 342, and transmits the read out contents to the KIOSK terminal 332 via the communication section 340. Incidentally, a communication route of a read out request command of contents and a route of contents may be different.

[0722] Figure 100 shows a configuration of the KIOSK terminal 332, and the KIOSK terminal 332 is composed of a communication section 350 that is receiving means, an upper controller 351 that is storing means for controlling the KIOSK terminal 332, an encryption processing section 352 that is license conditions information preparing means, an electronic watermark insertion section 353 that is electronic watermark inserting means, a price processing section 354, inputting means 355, displaying means 356, and a KIOSK terminal server 357.

[0723] The communication section 350 communicates with the hosting server 331 and the electronic distribution service center 1, and transmits and receives predetermined information. Since the upper controller 351 has a function similar to that of the upper controller 62 of the home server 51, its description is omitted. The encryption processing section 352 is composed of a control section 360, a storage module 361, a registration information inspection module 362, a purchase processing module 363, a mutual authentication module 364 and an encryption/decryption module 365. Since the control section 360, the storage module 361, the registration information inspection module 362, the purchase processing module 363 and the mutual authentication module 364 have functions similar to those of the corresponding [...] and mutual authentication module 95 in the home server 51 respectively, their descriptions are omitted.

[0724] The encryption/decryption module 365 is composed of a decryption unit 370, an encryption unit 371, a random number generation unit 372, a signature generation unit 373 and a signature verification unit 374. Since the decryption unit 370, the encryption unit 371, the random number generation unit 372, the signature generation unit 373 and the signature verification unit 374 have functions similar to those of the corresponding decryption unit 111, encryption unit 112, random number generation unit 113, signature generation unit 114 and signature verification unit 115 in the home server 51 respectively, their descriptions are omitted.

[0725] The electronic watermark insertion section 353 is composed of a mutual authentication module 380, a key decryption module 381, a decryption module 382, an electronic watermark addition module 383 and a storage module 384. In the electronic watermark insertion section 353, although the mutual authentication module 380, the key decryption module 381, the decryption module 382, the electronic watermark addition module 383 and the storage module 384 have functions similar to those of the corresponding mutual authentication module [...], key decryption module 102, decryption module 103, electronic watermark addition module 105 and storage module 106 in the extension [...] of the home server 51 respectively, contents decrypted by a content key are not extended but, with an ID of a holder of the KIOSK terminal 332 inserted in the contents, are forwarded to the recording medium 333 and the electronic distribution only recording medium 334 as they are (as digital data). However, in the electronic watermark insertion section 353, in some cases, contents that are an output of the decryption module 382 are extended, [...] recompressed using another compression algorithm, and the output is forwarded to the electronic watermark addition module 383.

[0726] The price processing section 354 displays on the displaying means 356 information [...] a utilization right of contents a customer has purchased upon purchase processing, and when price is inserted in a price insertion opening provided in the KIOSK terminal 332, determines whether [...], and if the price is insufficient, notifies the customer of information of insufficient amount via the displaying means 356, or if the price is too much, notifies the customer of information of an amount of change via the displaying means 356, and returns the change from a price return opening.

[0727] The inputting means 355 forwards to the upper controller 351 various kinds of information such as selection information of contents or the like inputted via an operation button. The displaying means 356 is composed of a predetermined display device such as a liquid crystal display, issues an instruction to a customer, and displays information. The inputting means 355 and the display means 356 can be configured by uniting them by a touch panel [...]

[0728] The KIOSK terminal server 357 has a function similar to the mass storage section 68 of the home server 51, and holds key data (an encrypted content key K_co, an encrypted individual key K_i (not shown)) transmitted from the hosting server 331, a handling policy, and price information prepared on the KIOSK side, or the like. Incidentally, the [...]

[0729] [...] in a medium insertion opening provided in the KIOSK terminal 332, the KIOSK terminal 332 displays a purchase guide, information of purchasable contents, or the like via the display means 356, and as a result, if the customer selects and designates desired contents via the inputting means 355, reads out the selected and designated contents from the hosting server 331 to apply purchase processing, and records the contents in the recording medium 333 or the electronic distribution only recording medium 334.

[0730] Incidentally, Figure 101 illustrates information transmitted among the content provider 2, the hosting server 331 and the KIOSK terminal 332. The content provider 2 attaches a public key certificate of the content provider to a content provider secure container, and sends the content provider secure container to the hosting server 331.

[0731] The hosting server 331 verifies a public key certificate of the content provider 2, obtains a public key of the content provider [...]. After succeeding in verifying the signature, the hosting server 331 takes out encrypted contents from the content provider secure container, holds the taken out encrypted contents in the server 342, and at the same time, transmits the remaining key data (an encrypted content key K_co or an encrypted individual key K_i (not shown)), a handling policy [...]

[0732] [...] key K_i (not shown)), a handling policy and the like, and at the same time, holds price information prepared on an information provider side that manages the KIOSK terminal 332.
[OTaT Here, purchase processing that is actually executed in the KIOSK terminal 332 will be descnbedw,to reference 
to flow charts shown in Figures 102 through 105. In step S780, when a customer inserts a medium (the recording
medium 333 or the electronic distribution only recording medium 334) in the KIOSK terminal 332, in step S781, the
upper controller 351 of the KIOSK terminal 332 determines whether or not the inserted medium is the recording medium
333 (in this embodiment, for example, an MD (trademark)), and if the inserted medium is the recording medium 333,
the processing proceeds to step S782.

[0734] In step S782, the upper controller 351 causes the displaying means 356 to display information such as
purchasable contents (i.e., a tune), price and the like, and in this state, when the customer selects and designates
desired contents and inserts money in the price insertion opening, the processing proceeds to step S783. In step S783,
the upper controller 351 checks whether or not the money inserted by the customer is insufficient compared with the
charged price, and if it is not insufficient (money inserted by the customer may be more than the price), the
processing proceeds to step S785. Incidentally, in step S783, if the money inserted by the customer is insufficient
compared with the charged price, the processing proceeds to step S784, where the upper controller 351 instructs the
customer via the displaying means 356 to insert the insufficient portion of the money in the price insertion opening.

[0735] In step S785, the upper controller 351 reads out from the KIOSK terminal server 357 a handling policy, price
information and key data corresponding to the contents selected and designated by the customer, and forwards them to
the encryption processing section 352 to instruct the control section 360 to execute the purchase processing.
[0736] Then, in step S786, the control section 360 of the encryption processing section 352 executes purchase
processing of, for example, a copying right with copy management information (SCMS) in which a number of times of
copying is limited to one (i.e., copying from the KIOSK terminal 332 to the recording medium 333) with respect to the
contents selected and designated by the customer based on the handling policy and the price information given by the
upper controller 351. As a result, the charge information is held in the storage module 361.

[0737] Incidentally, after recording contents in the recording medium 333, in order to prevent the contents from being 
illegally copied from the recording medium 333 to another recording medium 333, the KIOSK terminal 332 executes 
purchase processing of the copying right with copy management information. However, although a copying right without 
copy control information with a number of times limitation or the recording medium 333 in this embodiment is an MD
(trademark) as long as it can prevent illegal copying, purchase processing of a copying right and the like with limitation 
according to various kinds of medium such as a memory stick (trademark) may be executed. 

[0738] Then, in step S787, in the decryption unit 370 of the encryption/decryption module 365, the control section
360 of the encryption processing section 352 takes out an encrypted individual key Ki and an encrypted content key
Kco included in key data given by the upper controller 351, decrypts the encrypted individual key Ki using the delivery
key Kd stored in the storage module 361, and decrypts the encrypted content key Kco using the obtained individual
key Ki.

[0739] Subsequently, in step S788, the control section 360 of the encryption processing section 352 mutually
authenticates with the electronic watermark insertion section 353 using each other's mutual authentication modules 364
and 380, and shares the temporary key Ktemp, and the processing proceeds to step S789. In step S789, the control
section 360 of the encryption processing section 352 encrypts the decrypted content key Kco using the temporary key
Ktemp in the encryption unit 371 of the encryption/decryption module 365. Then, in step S790, the control section 360
of the encryption processing section 352 forwards the content key Kco encrypted by the temporary key Ktemp to the
electronic watermark insertion section 353.

[0740] In step S791, in the key decryption module 381, the electronic watermark insertion section 353 decrypts the
encrypted content key given by the encryption processing section 352 using the temporary key Ktemp (shared with
the encryption processing section 352) given by the mutual authentication module 380.

[0741] Then, in step S792, the upper controller 351 transmits a read out request of contents selected and designated
by a customer (e.g., including an ID of contents) to the hosting server 331 via the communication section 350, reads
out encrypted contents selected and designated by the customer from the hosting server 331, and forwards the contents
to the electronic watermark insertion section 353. Incidentally, when having read out the encrypted contents from the
hosting server 331 in this way, since the encrypted contents can be saved in the KIOSK terminal server 357, if the
customer selects and designates contents, the upper controller 351 may first retrieve contents held by the KIOSK
terminal server 357, and if there are no corresponding contents in the KIOSK terminal server 357, read out the contents
from the hosting server 331. In addition, read out of contents may be executed in steps before step S792.

[0742] In step S793, after decrypting the encrypted contents given by the upper controller 351 using the decrypted
content key Kco in the decryption module 382, the electronic watermark insertion section 353 inserts, for example, an
ID of a holder of the KIOSK terminal 332 in the form of an electronic watermark in the decrypted contents in the electronic
watermark addition module 383.

[0743] Incidentally, an ID of a holder of the KIOSK terminal 332 is used as data of the watermark attached to the
contents in order to specify the KIOSK terminal 332 that provided the contents when the contents recorded in the
recording medium 333 (or the electronic distribution only recording medium 334) are illegally copied.
[0744] Then, in step S794, the electronic watermark insertion section 353 forwards the contents in which the
electronic watermark is inserted to the recording medium 333 as they are (in the form of digital data), thereby recording
the contents designated by the customer in the recording medium 333.

[0745] Subsequently, in step S795, the upper controller 351 uses the price processing section 354 to determine
whether or not money inserted in the price insertion opening by the customer is more than a charged price, and if the
money is more than the charged price, returns the balance as change from the price returning opening.

[0746] In this way, in step S796, the customer receives the change if there is change, and at the same time, receives
the recording medium 333.

[0747] Incidentally, when the customer purchases a utilization right of contents in this way, the upper controller 351
of the KIOSK terminal 332 transmits the charge information prepared at the point to the electronic distribution service
center 1. Thus, the electronic distribution service center 1 makes a settlement based on the charge information, thereby
collecting a part of the price paid by the customer from the holder of the KIOSK terminal 332 according to the utilization
right to which the purchase processing was applied.

[0748] On the other hand, when the customer inserted the electronic distribution only recording medium 334 in the
KIOSK terminal 332 in step S800, in order to identify that the medium is the electronic distribution only recording
medium 334 by identification processing of media in the subsequent step S801 (i.e., if the medium inserted in the
KIOSK terminal 332 by the customer is identified as the electronic distribution only recording medium 334 by the
identification processing of contents described above for step S781), the upper controller 351 proceeds to step S802.
Incidentally, if the medium is identified as the recording medium 333 in this step S801, the processing of step S782 and
the subsequent steps is executed.

[0749] In step S802, the upper controller 351 sets a purchasable utilization right to contents (e.g., an unlimited
reproduction right, a reproduction right with a period limited, a reproduction right with an accumulated time limited, a
reproduction right with a number of times limited, an unlimited copying right, a copying right with a number of times
limited or the like) together with the purchasable contents (i.e., a name of a tune) and a price via the displaying means
356 and causes the displaying means 356 to display the information of the set contents of utilization right, and when
the customer selects and designates desired contents via the inputting means 355 and, at the same time, selects and
designates contents of a desired utilization right, the processing proceeds to step S803.

[0750] In step S803, the upper controller 351 inquires whether or not the purchase price of the utilization right will
be settled later via the displaying means 356. Then, when the customer selects to pay the price on the spot via the
inputting means 355, the upper controller 351 in turn solicits the customer to insert money in the price insertion opening
via the displaying means 356, and the processing proceeds to step S804. Incidentally, since step S804 executes
processing similar to the processing described above for step S783, its description is omitted. In addition, since step
S805 to which the processing can proceed from step S804 executes processing similar to the processing described
above for step S784, its description is omitted.

[0751] Then, in step S806, the upper controller 351 inquires of the customer whether or not the purchase processing
may be executed by the KIOSK terminal 332 via the display means 356. If the customer selects that the KIOSK terminal
332 may execute the purchase processing via the inputting means 355, the processing proceeds to step S807.
[0752] Since processing similar to the processing described above for step S785 is executed in step S807, its
description is omitted. Then, in step S808, the control section 360 of the encryption processing section 352 in the KIOSK
terminal 332 executes the purchase processing of the utilization right selected and designated by the customer in the
purchase processing module 363 based on the handling policy and the price information given by the upper controller
351, prepares license conditions information and charge information, and holds the charge information in the storage
module 361, and then the processing proceeds to step S809. Since processing similar to the processing described
above for step S787 is executed in step S809, its description is omitted.

[0753] Incidentally, as an ID of an encryption processing section to be stored in data of license conditions information
(i.e., an ID of the encryption processing section that prepared the license conditions information), an ID of the encryption
processing section 122 in the electronic distribution only recording medium 334 is stored. (However, an ID of the
encryption processing section 352 in the KIOSK terminal 332 may be stored. At this point, in some cases, an ID of the
encryption processing section 122 in the electronic distribution only recording medium 334 to which the contents was
transferred is saved in the KIOSK terminal server 357, and thereafter transmitted to the electronic distribution service
center 1 and managed.)

[0754] Then, in step S810, the control section 360 of the encryption processing section 352 in the KIOSK terminal
332 mutually authenticates with the encryption processing section 122 of the electronic distribution only recording
medium 334 using each other's mutual authentication modules 364 and 128, and shares the temporary key Ktemp, and
the processing proceeds to step S811.

[0755] In step S811, the control section 360 of the encryption processing section 352 in the KIOSK terminal 332
encrypts the decrypted content key Kco and the license conditions information respectively in the encryption unit 371
of the encryption/decryption module 365 using the temporary key Ktemp. Incidentally, since, among the content key Kco
and the license conditions information, even if contents of the license conditions information are seen, there is no
specific problem, only the content key may be encrypted. Then, the control section 360 of the encryption processing
section 352 in the KIOSK terminal 332 generates signatures for all of (or a part of) the content key Kco encrypted (by
the temporary key Ktemp) and the license conditions information (in some cases, it is encrypted) in the signature
generation unit 373, and returns them to the upper controller 351.

[0756] Then, in step S812, the upper controller 351 in the KIOSK terminal 332 reads out the encrypted contents
selected and designated by the customer from the hosting server 331 or the KIOSK terminal server 357 as in step
S792. (Incidentally, as a timing, reading out of the contents may be executed before step S812.) Then, the read out
contents, the content key Kco encrypted (by the temporary key Ktemp), and the license conditions information, the
signatures for the content key Kco encrypted (by the temporary key Ktemp) and the license conditions information, as
well as the handling information and the price information read out from the KIOSK terminal server 357 are transmitted
to the electronic distribution only recording medium 334 via the upper controller 351.

[0757] In step S813, the control section 124 of the encryption processing section 122 in the electronic distribution
only recording medium 334 verifies the signatures for the content key Kco encrypted (by the temporary key Ktemp), the
handling information, the price information and the license conditions information given by the KIOSK terminal 332 in
the signature verification unit 135, and thereafter decrypts the encrypted content key Kco and the encrypted license
conditions information, if necessary, respectively, using the temporary key Ktemp in the decryption unit 132. Then, the
control section 124 decrypts the encrypted content key Kco using the save key Ksave held in the storage module 125
in the encryption unit 132.

[0758] Then, in step S814, the control section 124 of the encryption processing section 122 in the electronic
distribution only recording medium 334 saves the contents encrypted by the content key Kco, the content key Kco encrypted
by the save key Ksave, the handling policy, the price information and the license conditions information in the external
memory 123 via the external memory control section 130. Incidentally, the content key Kco encrypted by the save key
Ksave and the license conditions information are saved in a tamper checked region in the external memory 123 by the
external memory control section 130.
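
The key hand-off of steps S787 and S810 through S814 can be traced in code. The following Python is an added example, not part of the patent text: the SHA-256 keystream cipher, the HMAC standing in for the signature generation and verification units, the class and field names and the sample license strings are all assumptions, and the mutual authentication that yields Ktemp is not modelled.

```python
import hashlib
import hmac
import os

# Assumptions (constructed for this example): the section names the keys and
# units but no algorithms, so a SHA-256 keystream stands in for the cipher and
# HMAC-SHA256 stands in for signature units 373 and 135. Not for production.

def _xor_stream(key, nonce, data):
    """XOR data with a SHA-256 counter keystream (toy cipher, self-inverse)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key, plaintext):
    """Encrypt under key with a fresh nonce; returns nonce || ciphertext."""
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, plaintext)

def unwrap(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])

def sign(sig_key, *fields):
    """MAC over length-prefixed fields so field boundaries cannot be shifted."""
    mac = hmac.new(sig_key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()

class KioskCrypto:
    """Role of encryption processing section 352 (holds delivery key Kd)."""
    def __init__(self, k_d, sig_key):
        self.k_d = k_d
        self.sig_key = sig_key

    def recover_content_key(self, enc_k_i, enc_k_co):
        # S787: Kd opens Ki, Ki opens Kco.
        k_i = unwrap(self.k_d, enc_k_i)
        return unwrap(k_i, enc_k_co)

    def package(self, k_co, k_temp, license_info):
        # S811: only Kco is encrypted under Ktemp; the license conditions
        # travel in the clear but are covered by the signature.
        enc = wrap(k_temp, k_co)
        return {"enc_k_co": enc, "license": license_info,
                "sig": sign(self.sig_key, enc, license_info)}

class MediumCrypto:
    """Role of encryption processing section 122 (holds save key Ksave)."""
    def __init__(self, k_save, sig_key):
        self.k_save = k_save
        self.sig_key = sig_key
        self.tamper_checked = {}  # stands in for the tamper checked region

    def receive(self, content_id, msg, k_temp):
        # S813: verify first, and store nothing if verification fails.
        expected = sign(self.sig_key, msg["enc_k_co"], msg["license"])
        if not hmac.compare_digest(expected, msg["sig"]):
            raise ValueError("signature check failed")
        k_co = unwrap(k_temp, msg["enc_k_co"])
        # S814: Kco is kept only in the form encrypted by Ksave.
        self.tamper_checked[content_id] = (wrap(self.k_save, k_co), msg["license"])

def demo():
    # All keys below are random, constructed sample values.
    k_d, k_i, k_co, k_save, k_temp, sig_key = (os.urandom(16) for _ in range(6))
    key_data = (wrap(k_d, k_i), wrap(k_i, k_co))
    kiosk = KioskCrypto(k_d, sig_key)
    medium = MediumCrypto(k_save, sig_key)

    recovered = kiosk.recover_content_key(*key_data)
    msg = kiosk.package(recovered, k_temp, b"copying right; count=1")
    medium.receive("tune-1", msg, k_temp)
    stored_key, _ = medium.tamper_checked["tune-1"]
    key_ok = unwrap(k_save, stored_key) == k_co

    # License conditions altered in transit: the signature no longer matches.
    altered = dict(msg, license=b"copying right; unlimited")
    try:
        medium.receive("tune-2", altered, k_temp)
        rejected = False
    except ValueError:
        rejected = True
    return key_ok, rejected, "tune-2" in medium.tamper_checked

if __name__ == "__main__":
    print(demo())
```

Because the license conditions are sent unencrypted in this variant, the signature check is the only thing that stops a relaxed utilization right from being stored alongside a valid content key.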
[0759] Then, although processing for the upper controller 351 in the KIOSK terminal 332 proceeds to steps S815
and S816 in order, since steps S815 and S816 execute processing similar to the processing described above for
steps S795 and S796 respectively, their descriptions are omitted.

[0760] Incidentally, since the upper controller 351 of the KIOSK terminal 332 transmits the encrypted contents, the
encrypted content key Kco, the handling policy, the price information and the license conditions information to the
electronic distribution only recording medium 334, but holds the charge information in the storage module 361 inside,
the charge information is transmitted to the electronic distribution service center 1. Thus, the electronic distribution
service center 1 makes a settlement based on the charge information, thereby collecting a part of the price paid by the
customer from the holder of the KIOSK terminal 332 according to the utilization right to which the purchase processing
was applied.

[0761] Here, in the settlement of the price described above for step S803, when the customer selects to make a
settlement of the purchase price of the utilization right on a later date via the inputting means 355, processing for the
upper controller 351 in the KIOSK terminal 332 proceeds to step S820. Incidentally, since processing from this step
S820 to the subsequent step S823 is similar to the processing from step S807 to the subsequent step S810, their
descriptions are omitted. However, the charge information generated in step S821 is not saved in the storage module
361 of the encryption processing section 352.

[0762] Then, in step S824, the control section 360 of the encryption processing section 352 in the KIOSK terminal
332 encrypts the decrypted content key Kco, the license conditions information and the charge information respectively
in the encryption unit 371 of the encryption/decryption module 365 using the temporary key Ktemp. Incidentally, since,
even if contents of the license conditions and the charge information other than the content key Kco are seen, there is
no specific problem, only the content key Kco may be encrypted. Then, the control section 360 of the encryption
processing section 352 in the KIOSK terminal 332 generates signatures for all of (or each of) the content key Kco encrypted
(by the temporary key Ktemp), the encrypted license conditions information and the encrypted charge information in
the signature generation unit 373, and transmits the content key Kco encrypted by the temporary key Ktemp, the
encrypted license conditions information, the encrypted charge information and their signatures to the upper controller
351.

[0763] Then, in step S825, the upper controller 351 in the KIOSK terminal 332 reads out the encrypted contents
selected and designated by the customer from the hosting server 331 or the KIOSK terminal server 357 as in step
S792. (Incidentally, as a timing, reading out of contents may be executed in steps before this step S812.)
[0764] Then, the encrypted content key, the content key Kco encrypted (by the temporary key Ktemp), the handling
information, the price information, the encrypted license conditions information and the encrypted charge information,
as well as the signatures generated for all of (or each of) the entirety of the content key Kco encrypted (by the temporary
key Ktemp), the encrypted license conditions information and the encrypted charge information are transmitted to the
electronic distribution only recording medium 334 via the upper controller 351. In addition, the handling policy and the
price information may be transmitted from the KIOSK terminal 332 to the electronic distribution only recording medium
334, if necessary.

[0765] In step S826, the external memory control section 130 in the electronic distribution only recording medium
334 saves the encrypted contents in the external memory 123. Incidentally, the external memory control section 130
saves the handling information and the price information in the external memory 123, if necessary.

[0766] Then, in step S827, the control section 124 of the encryption processing section 122 in the electronic
distribution only recording medium 334 performs verification of the signatures for the content key Kco encrypted (by the
temporary key Ktemp), the encrypted license conditions information and the encrypted charge information given by the
KIOSK terminal 332 in the signature verification unit 135, and decrypts the encrypted content key Kco, the encrypted
license conditions information and the encrypted charge information respectively using the temporary key Ktemp in the
decryption unit 132. (If the license conditions information and the charge information are not encrypted, it is unnecessary
to decrypt them.) Then, the control section 124 encrypts the decrypted content key Kco using the save key Ksave saved
in the storage module 125 in the encryption unit 132.

[0767] Then, in step S828, the control section 124 of the encryption processing section 122 in the electronic
distribution only recording medium 334 saves the charge information in the storage module 125. Subsequently, in step
S829, the control section 124 of the encryption processing section 122 in the electronic distribution only recording
medium 334 saves the encrypted content key Kco and the license conditions information in the external memory 123
via the external memory control section 130. Incidentally, the content key Kco and the license conditions information
are saved in a region to which tamper check was applied in the external memory 123.
[0768] Further, if contents are recorded in the electronic distribution only recording medium 334 with conditions of
settlement on a later day as described above, and charge information is also saved in the electronic distribution only
recording medium 334, the electronic distribution service center 1 thereafter cannot collect the charge information from
the electronic distribution only recording medium 334 until the electronic distribution only recording medium 334 is
inserted in an apparatus connected to the electronic distribution service center 1. Thus, the electronic distribution only
recording medium 334 may be inserted in an apparatus not connected to the electronic distribution service center 1,
and contents are likely to be illegally utilized with no payment of prices.

[0769] Therefore, in such an electronic distribution only recording medium 334, after recording contents, the control 
section 124 of the encryption processing section 122 in the electronic distribution only recording medium 334 retrieves 
charge information of the storage module 125 in a predetermined timing, and if uncollected charge information is saved, 
applies limitation of a number of times, time or the like to a corresponding utilization right of the contents until the
charge information is collected, thereby allowing utilization of the contents within the limitation. In this way, illegal 
utilization of the contents is prevented. 

[0770] In addition, in such purchase processing, since the charge information and the license conditions information 
that were generated in the purchase processing, and the handling policy that was used for the generation, or the like 
do not remain in the KIOSK terminal 332, the electronic distribution service center 1 collects prices from a customer
holding the electronic distribution only recording medium 334 at this point, and distributes a part of the prices to a
holder of the KIOSK terminal 332.

[0771] In addition, in the processing described above for step S806, if the customer selects that the purchase
processing is executed by the electronic distribution only recording medium 334 via the inputting means 355, the processing
proceeds to step S840, where the upper controller 351 in the KIOSK terminal 332 reads out contents selected and
designated by the customer from the hosting server 331 and the KIOSK terminal server 357 as in step S792, and at
the same time, reads out corresponding key data, a handling policy and price information from the KIOSK terminal
server 357 and transmits these to the electronic distribution only recording medium 334.
[0772] Incidentally, after mutually authenticating with the electronic distribution only recording medium 334, the
KIOSK terminal 332 may share the temporary key Ktemp, encrypt the contents (encrypted by the content key Kco), the
key data, the handling policy and the price information by the temporary key Ktemp, if necessary, and attach signatures
to entire or a part of the data.

[0773] In step S841, the control section 124 of the encryption processing section 122 in the electronic distribution
only recording medium 334 saves the contents (encrypted by the content key Kco) in the external memory 123 via the
external memory control section 130, and at the same time, saves the handling policy and the price information in the
external memory 123 via the external memory control section 130, if necessary.

[0774] Then, in step S842, the control section 124 of the encryption processing section 122 in the electronic
distribution only recording medium 334 executes purchase processing in the purchase processing module 127, and prepares
license conditions information and charge information based on the handling policy and the price information.
Incidentally, since the procedures of the purchase processing are the same as steps S163 to S170 described above for Figure
67, their detailed description is omitted.

[0775] Subsequently, in step S843, after decrypting the encrypted individual key Ki included in the key data using the
delivery key Kd held in the storage module 125 in the decryption unit 131, the control section 124 of the encryption
processing section 122 in the electronic distribution only recording medium 334 decrypts the encrypted content key Kco
included in the key data using the decrypted individual key Ki. Then, the control section 124 encrypts the encrypted
content key Kco using the save key Ksave held in the storage module 125 in the encryption unit 132.
[0776] Then, in step S844, the control section 124 of the encryption processing section 122 in the electronic
distribution only recording medium 334 mutually authenticates with the encryption processing section 352 in the KIOSK
terminal 332 using each other's mutual authentication modules 128 and 364, and shares the temporary key Ktemp.
[0777] Then, in step S845, the control section 124 of the encryption processing section 122 in the electronic
distribution only recording medium 334 encrypts charge information using the temporary key Ktemp in the encryption unit
132, and after attaching a signature to the charge information in the signature generation unit 134, transmits the
encrypted charge information and the signature to the KIOSK terminal 332 via the communication section 121. Incidentally,
although a signature is attached to charge information so as not to be tampered with, the charge information may be
transmitted to the electronic distribution only recording medium 334 without encrypting. If the charge information is not
encrypted, the temporary key Ktemp may not be shared between the electronic distribution only recording medium 334
and the KIOSK terminal 332.

[0778] In step S846, the upper controller 351 in the KIOSK terminal 332 forwards the charge information and the
signature transmitted from the electronic distribution only recording medium 334 to the encryption processing section
352. Thus, in step S847, the signature verification unit 374 of the encryption processing section 352 in the KIOSK
terminal 332 verifies the signature for the charge information, and after succeeding in verifying the signature, decrypts
the charge information using the temporary key Ktemp and saves it in the storage module 361.

[0779] Then, in step S848, the control section 360 of the encryption processing section 352 in the KIOSK terminal
332 generates a charge processing completion notice indicating that the charge processing is completed, and attaches
a signature to the charge processing completion notice in the signature generation unit 373, forwards the charge
processing completion notice with the signature attached to the upper controller 351, and at the same time, transmits it to the
electronic distribution only recording medium 334 via the upper controller 351. Thus, the upper controller 351 simply
determines whether or not the charge processing has been completed without specifically verifying the signature based
on the charge processing completion notice. In addition, the control section 124 of the encryption processing section
122 in the electronic distribution only recording medium 334 verifies the signature of the charge processing completion
notice in the signature verification unit 135, thereby recognizing the completion of the charge processing.
[0780] Then, in step S849, the control section 124 of the encryption processing section 122 in the electronic
distribution only recording medium 334 saves the content key Kco encrypted by the save key Ksave and the license conditions
information in a region to which tamper check was applied in the external memory 123 via the external memory control
section 130.

[0781] Subsequently, although the KIOSK terminal 332 sequentially executes processing of steps S850 and S851,
since the processing is similar to the processing executed in steps S815 and S816, its description is omitted.
[0782] In this way, when purchase processing is performed in the electronic distribution only recording medium 334,
charge information is held in the KIOSK terminal 332, and the charge information is transmitted to the electronic
distribution service center 1 from the KIOSK terminal 332.

[0783] Incidentally, in step S803, if the customer selects that purchase price of the utilization right will be settled on
a later date, in step S860 shown in Figure 106, the upper controller 351 of the electronic distribution only recording
medium 334 may transmit the encrypted contents, the key data, the handling policy and the price information to the
electronic distribution only recording medium 334 in the state of the content provider secure container transmitted from
the content provider 2. Then, if state data of the content provider secure container is transmitted to the electronic
distribution only recording medium 334 from the KIOSK terminal 332 in this way, since a signature is already attached
to the content provider secure container in the content provider 2, the KIOSK terminal 332 transmits the data to the
electronic distribution only recording medium 334 without specifically attaching a signature.

[0784] In addition, in step S803, if the customer selects that purchase price of the utilization right will be settled on 
a later date, the KIOSK terminal 332 may execute purchase processing to be described with reference to a flow chart 
shown in Figure 107. That is, in step S870, the upper controller 351 in the KIOSK terminal 332 instructs the control 
section 360 of the encryption processing section 352 to execute the purchase processing. Incidentally, since the
processing of this step S870 is similar to the processing of step S785, its detailed description is omitted.

[0785] Then, in step S871, in the decryption unit 370 after decrypting the encrypted individual key Ki using the delivery
key Kd held in the storage module 361, the control section 360 of the encryption processing section 352 in the KIOSK
terminal 332 decrypts the encrypted content key Kco using the decrypted individual key Ki, and the processing proceeds
to step S872. Incidentally, since the processing of step S872 is similar to the processing described above for step
S810, its description is omitted.

[0786] Subsequently, in step S873, the control section 360 of the encryption processing section 352 in the KIOSK
terminal 332 encrypts the decrypted content key Kco using the temporary key Ktemp in the encryption unit 371, and
generates a signature for the content key Kco encrypted (by the temporary key Ktemp) in the signature verification unit
373, if necessary, and the processing proceeds to step S874, and in this step S874, in the signature generation unit
373 the control section 360 transmits the encrypted contents, the content key Kco encrypted (by the temporary key
Ktemp) and its signature, the handling policy and the price information to the electronic distribution only recording
medium 334 via the upper controller 351.

[0787] In step S875, after verifying the signature of the content key encrypted (by the temporary key Ktemp) in
the signature verification unit 135, the control section 124 of the encryption processing section 122 in the electronic
distribution only recording medium 334 decrypts the encrypted content key Kco using the temporary key Ktemp in the
decryption unit 131. Then, the control section 124 encrypts the decrypted content key using the save key Ksave
held in the storage module 125 in the encryption unit 132.
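
Steps S871 to S875 form a key re-wrapping chain, sketched below as an added example that is not part of the patent text. AES-GCM, Ed25519, the 16-byte constructed keys and all function names are assumptions of the example (the passage names no algorithms), and both sides are assumed to already share Ktemp.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// wrap encrypts key under kek with AES-GCM (this example's assumption, not the
// page's cipher) and returns nonce || ciphertext.
func wrap(kek, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail: AES has a 16-byte block
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, key, nil), nil
}

// unwrap reverses wrap; it fails on a wrong kek or a modified blob.
func unwrap(kek, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail: AES has a 16-byte block
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("wrapped key too short: %d bytes", len(blob))
	}
	return aead.Open(nil, blob[:n], blob[n:], nil)
}

// rewrap opens blob with oldKek and seals the recovered key under newKek.
func rewrap(oldKek, newKek, blob []byte) ([]byte, error) {
	key, err := unwrap(oldKek, blob)
	if err != nil {
		return nil, err
	}
	return wrap(newKek, key)
}

// kioskRewrap is the kiosk side (S871, S873): Kd opens Ki, Ki opens Kco,
// Kco is re-encrypted under Ktemp, and that ciphertext is signed.
func kioskRewrap(kd, encKi, encKco, ktemp []byte, priv ed25519.PrivateKey) ([]byte, []byte, error) {
	ki, err := unwrap(kd, encKi)
	if err != nil {
		return nil, nil, fmt.Errorf("individual key: %w", err)
	}
	out, err := rewrap(ki, ktemp, encKco)
	if err != nil {
		return nil, nil, fmt.Errorf("content key: %w", err)
	}
	return out, ed25519.Sign(priv, out), nil
}

// mediumStore is the medium side (S875): verify the signature first, then
// move the content key from Ktemp to the medium's own Ksave.
func mediumStore(pub ed25519.PublicKey, ktemp, ksave, enc, sig []byte) ([]byte, error) {
	if !ed25519.Verify(pub, enc, sig) {
		return nil, fmt.Errorf("signature on encrypted content key is invalid")
	}
	return rewrap(ktemp, ksave, enc)
}

// runExchange runs both sides on constructed keys and reports whether the key
// stored under Ksave equals Kco. A non-zero flip corrupts the blob in transit.
func runExchange(flip byte) (bool, error) {
	kd, ki, kco := []byte("constructed-Kd-0"), []byte("constructed-Ki-0"), []byte("constructed-Kco-")
	ktemp, ksave := []byte("constructed-Ktmp"), []byte("constructed-Ksav")
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, ed25519.SeedSize)) // constructed
	pub := priv.Public().(ed25519.PublicKey)
	encKi, _ := wrap(kd, ki) // what the kiosk received from upstream
	encKco, _ := wrap(ki, kco)
	enc, sig, err := kioskRewrap(kd, encKi, encKco, ktemp, priv)
	if err != nil {
		return false, err
	}
	enc[len(enc)-1] ^= flip
	stored, err := mediumStore(pub, ktemp, ksave, enc, sig)
	if err != nil {
		return false, err
	}
	got, err := unwrap(ksave, stored)
	return err == nil && bytes.Equal(got, kco), err
}

func main() {
	fmt.Println(runExchange(0)) // true <nil>
	fmt.Println(runExchange(1)) // false and the signature error
}
```

The content key never leaves either side in the clear: it is always under Ki, Ktemp or Ksave, and the medium refuses to re-wrap a blob whose signature does not verify.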

[0788] Then, in step S876, the control section 124 of the encryption processing section 122 in the electronic distribution
only recording medium 334 executes purchase processing in the purchase processing module 127, and after
preparing license conditions information and charge information based on a handling policy and price information, the 
processing proceeds to step S877, where the control section 124 saves the charge information in the storage module 
125. 

[0789] Subsequently, in step S878, the control section 124 of the encryption processing section 122 in the electronic
distribution only recording medium 334 saves the encrypted contents, the handling policy and the price information in
the external memory 123 via the external memory control section 130, and then in step S879, saves the encrypted
content key and the license conditions information in a region to which tamper check was applied of the external
memory 123 via the external memory control section 130. Incidentally, in step S878, since the control section 124 puts
various kinds of information included in the handling policy and the price information in the license conditions information,
the handling policy and the price information may be saved in the external memory 123, if necessary.
[0790] In this way, the KIOSK terminal 332 can execute purchase processing for a utilization right of contents with
respect to the recording medium 333 and the electronic distribution only recording medium 334, and record the contents
in the recording medium 333 and the electronic distribution only recording medium 334.

[0791] Incidentally, since decrypted contents are recorded in the recording medium 333, a customer holding the
recording medium 333 can easily utilize the contents using a reproduction apparatus that does not have an extension 
section and an encryption section, and does not need to connect to the service provider 3 and the electronic distribution 
service center 1 according to the recording medium 333. 

[0792] In addition, although a customer holding the electronic distribution only recording medium 334 cannot utilize
contents unless the customer uses a reproduction apparatus provided with an extension section (or, alternatively an
encryption processing section) as in the home server 51 described above for Figure 15, since the reproduction apparatus
does not need to be connected to the electronic distribution service center 1 or the service provider 3 either
directly or indirectly, contents can be utilized with an apparatus such as a reproduction apparatus used for establishing
the user home network 5.

[0793] In the above-mentioned configuration, in the electronic music distribution system 10, if the recording medium
333 is inserted in the KIOSK terminal 332, purchase processing is executed in the KIOSK terminal 332, thereby inserting 
data of an electronic watermark in decrypted contents to record in the recording medium 333. 

[0794] In addition, if the electronic distribution only recording medium 334 is inserted in the KIOSK terminal 332, 
purchase processing is executed either in the KIOSK terminal 332 or the electronic distribution only recording medium
334, thereby recording encrypted contents and a content key as well as license conditions information in the electronic
distribution only recording medium 334.

[0795] Therefore, in such an electronic music distribution system 10, even if a customer does not own an apparatus 
or the like for establishing the user home network 5 connected to the service provider 3 or the electronic distribution
service center 1, the customer can secure safety to record contents in the recording medium 333 and the electronic
distribution only recording medium 334 that the customer owns using the KIOSK terminal 332 installed in the simple
retail store, respectively. 

[0796] That is, since contents are recorded in the recording medium 333 in a state in which a copy control signal such
as SCMS is attached or by managing copies by an electronic watermark (a copying right with copy management
information), illegal copying of the contents can be prevented. Incidentally, as an electronic watermark signal, a copy
control signal (a signal for controlling copy possible/impossible), a reproduction control signal (a signal for controlling
reproduction possible/impossible), an ID of any apparatus (an ID of a KIOSK terminal or an ID of an electronic distribution
only recording medium 334), or the like can be envisaged, and one or a plurality of them may be embedded.
[0797] In addition, since a utilization right (unlimited, a number of times limitation, a time limitation, etc.) selected in 
the purchase processing and a limitation which is applied on a utilization right until charge information is collected in
case of the purchase processing to be settled on a later date is managed by license conditions information in the
electronic distribution only recording medium 334, illegal utilization of contents can be prevented in this case as well. 
[0798] According to the above-mentioned configuration, since contents are recorded in the recording medium 333 
and the electronic distribution only recording medium 334 by the KIOSK terminal 332, the contents can be easily 
provided to a user who does not own an apparatus for establishing a user home network 5 while securing safety of
the contents in the recording medium 333 and the electronic distribution recording medium 334. 
[0799] In addition, since an information provider holding the KIOSK terminal 332 (the service provider 3 in Figure 1)
provides price information, and therefore content provision fees are distributed to the information provider in any of the
systems in Figures 103, 105 and 106, these systems are not substantially different from those in Figures 101, 102 and
104 in which money is directly collected.

(11) Provision of contents to be an album in a KIOSK terminal 332 

[0800] In addition to such a configuration, in the case of the information provision apparatus 330, keyword information
such as an artist, gender of the artist, a type of a tune (enka, rock'n roll, etc.), a season imagined from a tune, a location
(sea, mountain, etc.), a time of a day (evening, morning, etc.), and the like that is generated by the information provider
owning the KIOSK terminal 332 with respect to contents to be saved in the hosting server 331 is saved in
the KIOSK terminal server 357 of the KIOSK terminal 332. Incidentally, as another example, in some cases, the content
provider 2 generates this keyword information and saves it in a server 342 that is a content server in the hosting server
331 or the KIOSK terminal server 357.

[0801] In addition, various kinds of provision information (e.g., a commercial, content information, etc.) generated 
by the information provider that is different for each content or keyword (not necessarily different) is saved in the KIOSK 
terminal server 357 of the KIOSK terminal 332. Incidentally, the content provider 2 may generate the provision information
and save it in the server 342 of the hosting server 331 and the KIOSK terminal server 357 of the KIOSK terminal
332, or provision information generated by the content provider 2 or received from the information provider may be 
collected as one content by linking it to contents. (That is, provision information is embedded in the top, middle, last 
or the like of music (contents) so that the music and the provision information cannot easily be separated as one tune.) 
[0802] The upper controller 351 that is selecting means and storing means of the KIOSK terminal 332 prepares a
data table in which a plurality of contents saved in the server 342 of the hosting server 331 are categorized based on
the keyword information, and saves the prepared data table in the KIOSK terminal server 357. Incidentally, IDs of
contents corresponding to each category are registered in the data table. In addition, the data table may be generated
by the control section 341 of the hosting server 331, and saved in the server 342 or the KIOSK terminal server 357.
Moreover, if the data table is saved in the server 342, the control section 341 of the hosting server 331 transmits
keyword information for the contents to the KIOSK terminal 332 via the communication section 340, thereby saving
the keyword information in the KIOSK terminal server 357 by the upper controller 351 in the KIOSK terminal 332.
[0803] Then, in the KIOSK terminal 332, if a customer inserts an electronic distribution only recording medium 334,
the upper controller 351 reads out a keyword corresponding to contents to which purchase processing can be applied from
the KIOSK terminal server 357, and notifies the customer of the keyword via the displaying means 356. Incidentally,
the upper controller 351 may at this time notify the customer of the keyword for the contents to which purchase
processing can be applied, read out from the KIOSK terminal server 357, together with information on a tune name or
a price for the contents via the displaying means 356.

[0804] When the customer selects and designates, for example, a keyword (the number of keywords may be plural)
corresponding to desired contents and a number of contents to which the customer wishes to apply purchase processing,
the inputted data is transmitted to the upper controller 351 as a signal, and the upper controller 351 having received
the signal generates a random number by a random number generation program (not shown) held by itself based on
the number of contents designated by the customer, or causes the random number generation unit 372 that is random
number generating means to generate a random number by controlling the control section 360 of the encryption
processing section 352. Incidentally, in some cases, the upper controller 351 transmits the keyword and the random
number to the hosting server 331 via the communication section 350. In addition, since the random number is used
for selecting contents at random, purchase processing may be applied to all the contents belonging to a category of a
keyword, or purchase processing may be applied to contents belonging to a category of a keyword in the order of
appearing on the data table without forcing to generate a random number.

[0805] The upper controller 351 retrieves a data table in the KIOSK terminal server 357 based on the random number
data previously generated and the keyword inputted via the inputting means 355. Then, the upper controller 351 arbitrarily
selects an ID of contents in the number designated by the customer based on the random number data out of
a plurality of IDs belonging to a category corresponding to the keyword, and reads out contents corresponding to the 
selected ID of the contents from the hosting server 331. 

[0806] In addition, as another example, the control section 341 of the hosting server 331 arbitrarily selects an ID of
contents in the number designated by the customer based on the random number data out of a plurality of IDs of
contents belonging to a category corresponding to the keyword by retrieving the data table in the server 342 based on
the random number data and the keyword transmitted from the KIOSK terminal 332, reads out contents corresponding
to the selected ID of the contents from the server 342, and at the same time, transmits each read-out content to the
KIOSK terminal 332 via the communication section 340.

[0807] In this way, the KIOSK terminal 332 executes the above-mentioned purchase processing for Figures 103 to
105 and Figure 106 with respect to the plurality of contents transmitted from the hosting server 331, and records each
of the contents altogether in the external memory 123 that is a recording medium via the external memory control
section 130 that is a recording medium in the electronic distribution only recording medium 334. Thus, the KIOSK
terminal 332 can easily make an album by recording a plurality of tunes altogether that belong to a category a customer 
prefers in the electronic distribution only recording medium 334. 

[0808] In addition, in the purchase processing in the KIOSK terminal 332, the KIOSK terminal 332 records the above-mentioned
provision information and contents (or, as described above, the provision information and the contents may
behave like one content) in the external memory 123 altogether via the external memory control section 130 of the
electronic distribution only recording medium 334. Upon reproducing the contents, in order to have a customer listen
to the provision information, a reproduction order of the contents can be provided for; for example, a limitation clause
may be added to the license conditions information. Then, in the purchase processing of the contents, the customer
can select whether to add or not to add provision information, and if the provision information is added, purchase price
can be lowered or free in return for it. Thus, the customer can obtain a utilization right of contents more inexpensively than
usual, and even in such a case, the content provider 2 and the service provider 3 (in this embodiment, an owner of the
KIOSK terminal 332) can obtain a profit from provision information fees (so called commercial fees) via the electronic
distribution service center 1.

[0809] In addition, in the KIOSK terminal 332, in the case in which a plurality of contents are recorded as an album
in the electronic distribution only recording medium 334, the control section 360 of the encryption processing section
352 selects, for example, a reproduction right with a number of times limitation that can reproduce contents only once
as a utilization right for these contents. Moreover, when preparing license conditions information, the control section
360 of the encryption processing section in the KIOSK terminal 332 or the control section 124 of the encryption processing
section 122 in the electronic distribution only recording medium 334 stores an ID that shows that the contents were
recorded in the KIOSK terminal 332 as an ID of the service provider 3 that is stored in the license conditions information.
For example, if an ID of the service provider 3 is 64 bits, the upper 16 bits are designated as a group number and the
lower 48 bits are designated as a serial number, and as an ID allocated to the KIOSK terminal 332 that a single information
provider owns, an ID is used whose group number is identical for all the apparatuses and whose serial number of the
lower 48 bits is different for each apparatus. Then, in order to identify whether or not the contents recorded in the electronic
distribution only recording medium 334 are those recorded in the KIOSK terminal 332, the contents are identified by a
group number of an ID of a service provider included in license conditions information. (That is, a group number is
allocated for each information provider.)

[0810] Then, in the KIOSK terminal 332, if the customer inserts the electronic distribution only recording medium 
334 again and requests to record a plurality of contents as an album, the control section 360 of the encryption processing
section 352 takes out license conditions information from the electronic distribution only recording medium 334, and
retrieves the contents that were recorded in the KIOSK terminal 332 and were already reproduced based on the license 
conditions information. 

[0811] In this way, in the KIOSK terminal 332, new contents can be recorded by deleting (overwriting) contents that were
recorded in the KIOSK terminal 332 of the information provider and already reproduced, without deleting contents that were
recorded by the KIOSK terminal 332 of the identical information provider but have not been reproduced at all or contents
that were recorded by a KIOSK terminal of another information provider different from the KIOSK terminal 332 of the
identical information provider in the electronic distribution only recording medium 334.
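
The group-number check of [0809] to [0811], as an added example that is not part of the patent text. The LicenseEntry fields, the function names and the sample IDs are constructed for illustration; only the 16/48-bit split of the 64-bit ID comes from the description.

```go
package main

import (
	"errors"
	"fmt"
)

// Layout stated on the page: 64-bit service provider ID, upper 16 bits are a
// group number (one per information provider), lower 48 bits are a serial
// number (one per KIOSK terminal).
const (
	serialBits = 48
	serialMask = uint64(1)<<serialBits - 1
)

// MakeID packs a group number and a serial number. A serial wider than 48 bits
// would spill into the group field and change the provider, so it is rejected.
func MakeID(group uint16, serial uint64) (uint64, error) {
	if serial > serialMask {
		return 0, errors.New("serial number does not fit in 48 bits")
	}
	return uint64(group)<<serialBits | serial, nil
}

// Group extracts the upper 16 bits of an ID.
func Group(id uint64) uint16 { return uint16(id >> serialBits) }

// Serial extracts the lower 48 bits of an ID.
func Serial(id uint64) uint64 { return id & serialMask }

// LicenseEntry is a hypothetical subset of the license conditions information.
type LicenseEntry struct {
	ContentID         string
	ServiceProviderID uint64 // ID of the terminal that recorded the content
	TimesReproduced   int
}

// Overwritable returns the contents a kiosk may replace: those recorded by any
// terminal of the same information provider (same group number) that were
// already reproduced. Comparing full 64-bit IDs instead would miss contents
// recorded by the provider's other terminals.
func Overwritable(kioskID uint64, entries []LicenseEntry) []string {
	var out []string
	for _, e := range entries {
		if Group(e.ServiceProviderID) == Group(kioskID) && e.TimesReproduced > 0 {
			out = append(out, e.ContentID)
		}
	}
	return out
}

// sampleMedium builds constructed license entries for one recording medium.
func sampleMedium() (uint64, []LicenseEntry) {
	kioskA1, _ := MakeID(0x0012, 1) // provider 0x0012, terminal 1
	kioskA2, _ := MakeID(0x0012, 2) // same provider, another terminal
	kioskB, _ := MakeID(0x0034, 1)  // a different provider
	return kioskA1, []LicenseEntry{
		{"tune-1", kioskA1, 1}, // same terminal, played: replace
		{"tune-2", kioskA2, 1}, // same provider, other terminal, played: replace
		{"tune-3", kioskA1, 0}, // same provider, never played: keep
		{"tune-4", kioskB, 1},  // other provider: keep
	}
}

func main() {
	kiosk, entries := sampleMedium()
	fmt.Println(Overwritable(kiosk, entries)) // [tune-1 tune-2]
}
```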

[0812] In the above-mentioned configuration, the electronic music distribution system 10 prepares a data table for 
categorizing a plurality of contents saved in the server 342 of the hosting server 331 by the upper controller 351 of the
KIOSK terminal 332, and saves the data table in the KIOSK terminal server 357.

[0813] Then, when the customer who has inserted the electronic distribution only recording medium 334 in the KIOSK 
terminal 332 designates a keyword indicating the customer's own preference, a number of contents to be purchased 
altogether, and whether or not to insert/not insert provision information (commercial, etc.), if necessary, the KIOSK 
terminal 332 generates a random number data based on the designated number of contents, specifies IDs of many
contents belonging to a category of the designated keyword from the data table, and at the same time, arbitrarily selects
IDs of the designated number of contents based on the random number data from the IDs of the specified contents, 
reads out contents corresponding to the selected IDs of the contents from the hosting server 331, and records the 
arbitrarily selected plurality of contents and the provision information (commercial, etc.), if necessary, altogether in the 
electronic distribution only recording medium 334. 

[0814] Therefore, it is possible to record a plurality of contents (tunes) belonging to a category according to a preference
of a customer altogether in the electronic distribution recording medium 334 to easily make an album. In addition,
since a random number is used for selection of contents, even if contents are recorded again in the electronic distribution
only recording medium 334, a customer can listen to different contents with relatively high probability, and it is also
possible to make it unclear which tunes are recorded, therefore, fun of listening to music can be provided to a customer.
[0815] Moreover, since a number of reproduction times of contents and an apparatus used for recording the contents
are managed in the electronic distribution recording medium 334, if the contents are recorded again in the electronic
distribution only recording medium 334 in the KIOSK terminal 332, inadvertent deletion of contents that were recorded
in the KIOSK terminal 332 but have not been reproduced at all or contents recorded by an apparatus different from the
KIOSK terminal 332 can be prevented.

[0816] According to the above-mentioned configuration, in the information provision apparatus 330, since a number
of contents saved in the hosting server 331 are categorized and managed based on a predetermined keyword by the
KIOSK terminal 332, when a customer utilizing the KIOSK terminal 332 designates a keyword indicating the customer's
own preference and a desired number of contents, contents in the number designated by the customer are arbitrarily
selected, and the selected contents are read out from the hosting server 331 and recorded in the electronic distribution 
only recording medium 334, the plurality of contents belonging to a category according to the customer's preference 
can be recorded altogether, thus a plurality of contents according to the customer's preference can be easily recorded. 
[0817] In addition, a customer can obtain a utilization right of contents inexpensively by saving provision information
with contents altogether.

[0818] Further, although the information provision apparatus 330 that is an information recording apparatus is configured
by connecting the hosting server 331 and the KIOSK terminal 332 by a special purpose cable, a communication
satellite or the like in the electronic music distribution system 10, it may be configured by providing the hosting server 
331 integrally in the KIOSK terminal 332, or providing the hosting server 331 inside the content provider 2. 

[0819] In addition, as a medium used as a recording medium 333, various kinds of media other than an MD (trademark)
can be applied if a copying limitation can be added as in a medium corresponding to SCMS.
[0820] Moreover, although the KIOSK terminal 332 is installed in a simple retail store, it can be installed in various 
places such as in a large scale store, a public facility, or the like. 

[0821] Moreover, as a utilization right of purchasable contents, not only a number of times right that can only be
reproduced once but also a utilization right whose effective period is limited is envisaged, and when applying purchase
processing in the KIOSK terminal 332, contents whose effective period has expired can be deleted.
[0822] Furthermore, although a customer is allowed to select whether or not to attach provision information to
contents, a customer may be forced to attach provision information to all contents depending on the contents. 

(12) Purchase prohibition processing of contents

[0823] Here, a purchase prohibition list preparation section (not shown in Figure 2) is provided in the electronic 
distribution service center 1 (Figure 2) that is a list transmission apparatus, and the purchase prohibition list preparation 
section prepares a purchase prohibition list of contents indicated in Figure 108. An ID of contents being objects of
purchase prohibition, an ID of a content provider being an object of utilization suspension, and an ID of a service
provider being an object of utilization suspension are stored in the purchase prohibition list of contents, and an electronic 
signature of the electronic distribution service center 1 is attached to the entire list. 

[0824] In the purchase prohibition list of contents, the ID of contents being an object of purchase prohibition indicates
contents that have become objects of purchase prohibition because a defect (an error) has occurred in data, provision
of contents has been suspended due to some reason by a provider of contents (a content provider 2 and a service
provider 3), or the like. In addition, the ID of a content provider and the ID of the service provider being objects of
utilization suspension indicate a content provider 2 and a service provider 3 that have become unable to be utilized
for purchase of contents because they have been deprived of a sales right of contents due to illegal distribution of
contents being objects of purchase prohibition, or because they are unable to distribute contents due to bankruptcy or the like.

[0825] The electronic distribution service center 1 transmits a purchase prohibition list to an apparatus (in this embodiment,
the home server 51 that is an online apparatus) in the user home network 5 connected online to the electronic
distribution service center 1 via a predetermined transmitting means (not shown).

[0826] The home server 51 receives the purchase prohibition list of contents transmitted from the electronic distribution
service center 1 by the communication section 61, and the upper controller 62 forwards the purchase prohibition
list to the encryption processing section 65. After verifying an electronic signature attached to the purchase prohibition
list in the signature verification unit 115, the encryption processing section 65 saves the purchase prohibition list in,
for example, the mass storage section 68 that is a list holding means via the upper controller 62 if the purchase prohibition
list has not been tampered with. Incidentally, the home server 51 may save the purchase prohibition list transmitted from
the electronic distribution service center 1 in the mass storage section 68 without verifying the signature attached to
it, and verify the signature when using the purchase prohibition list in purchase processing, or the like.

[0827] Then, when a content provider secure container and a service provider secure container are transmitted from 
the content provider 2 via the service provider 3, the upper controller 62 forwards, for example, a handling policy 
included in the content provider secure container or price information included in the service provider secure container 
to the encryption processing section 65, and at the same time, reads out a purchase prohibition list of contents from
the mass storage section 68 and forwards it to the encryption processing section 65. 

[0828] The control section 91 that is take-in suspension processing means of the encryption processing section 65
retrieves information in the purchase prohibition list of contents using an ID of the content provider indicating a provider
of contents included in the handling policy or the price information, an ID of the service provider, and/or an ID of contents
to be provided. Then, if the ID of the content provider included in the handling policy or the price information, the ID of
the service provider, and/or the ID of contents exists in the purchase prohibition list of contents, the control section 91
does not purchase the contents, and executes purchase processing only if the ID of the content provider included in
the handling policy or the price information, the ID of the service provider, and/or the ID of contents does not exist in
the purchase prohibition list.

[0829] In this way, even if contents being objects of purchase prohibition are inadvertently transmitted, the home
server 51 can prevent purchase of the contents, and at the same time, prevent purchase of contents transmitted from
the content provider 2 or the service provider 3 that is an object of utilization suspension. Incidentally, when receiving
a purchase prohibition list of contents, the home server 51 can prohibit purchase of contents based on a regular purchase
prohibition list prepared in the electronic distribution service center 1 by verifying an electronic signature of the
purchase prohibition list.

[0830] In addition, in the electronic distribution service center 1, each time new contents become objects of purchase
prohibition other than the contents registered in the purchase prohibition list of contents, or a new content provider 2
or service provider 3 becomes an object of utilization suspension other than the content provider 2 or the service
provider 3 registered in the purchase prohibition list, the purchase prohibition list of contents is updated and the updated
purchase prohibition list is transmitted to the home server 51.

[0831] Thus, each time a purchase prohibition list is transmitted from the electronic distribution service center 1, the
home server 51 updates a purchase prohibition list in the mass storage section 68. Incidentally, if the purchase prohibition
list is updated, the electronic distribution service center 1 is made such that a receiving side of a purchase
prohibition list can identify if the purchase prohibition list is the one newly updated by attaching a date of the update
(update date), a number (serial number), or the like to the purchase prohibition list.

[0832] Here, a fixed apparatus, a portable apparatus, an electronic distribution only recording medium, and the like
(these are collectively hereinafter referred to as offline apparatuses) that are not connected online to the electronic
distribution service center 1 are provided in the user home network 5, and the home server 51 transmits a purchase
prohibition list of contents to an offline apparatus when the offline apparatus is connected, and causes the offline
apparatus to save the purchase prohibition list. Incidentally, since an offline apparatus is not always connected to the
home server 51, even if a purchase prohibition list of contents is updated in the electronic distribution service center
1, a purchase prohibition list held inside the offline apparatus may not be updated accordingly.
[0833] Thus, if an offline apparatus is connected, the home server 51 compares purchase prohibition lists held by
them, and if the purchase prohibition list held by the home server 51 is newer than the purchase prohibition list held by
the offline apparatus, transmits its purchase prohibition list to the offline apparatus, and causes the offline apparatus
to update it.

[0834] In addition, if offline apparatuses are connected to each other, as in the case in which the home server 51 and
an offline apparatus are connected, the home server 51 compares purchase prohibition lists held by them, and as a
result, an offline apparatus holding the latest purchase prohibition list among the purchase prohibition lists held by
them transmits the purchase prohibition list to the other offline apparatus and causes the other offline apparatus to
update the purchase prohibition list, and in this way, each offline apparatus updates a purchase prohibition list even if
it is not connected to the home server 51.
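
The list handling of [0823] to [0834] (signature check, purchase gate, newest-list exchange between apparatuses), as an added example that is not part of the patent text. The JSON encoding, string IDs, Ed25519 signature and all type and function names are assumptions of the example; the Serial field stands in for the update number of [0831].

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// ProhibitionList mirrors the fields the page names; the JSON encoding,
// string IDs and Ed25519 signature are assumptions of this example.
type ProhibitionList struct {
	Serial           uint64   `json:"serial"` // update number; 0 means "no list yet"
	ContentIDs       []string `json:"content_ids"`
	ContentProviders []string `json:"content_provider_ids"`
	ServiceProviders []string `json:"service_provider_ids"`
}

// SignedList keeps the exact signed bytes so a device can forward them unchanged.
type SignedList struct {
	Body, Sig []byte
}

// Issue is the service-center side: serialize the whole list and sign it.
func Issue(priv ed25519.PrivateKey, l ProhibitionList) (SignedList, error) {
	body, err := json.Marshal(l)
	if err != nil {
		return SignedList{}, err
	}
	return SignedList{Body: body, Sig: ed25519.Sign(priv, body)}, nil
}

// Device is a home server or offline apparatus holding the newest verified list.
type Device struct {
	CenterKey ed25519.PublicKey
	signed    SignedList
	list      ProhibitionList
}

// Accept verifies the signature before parsing, then installs the list only if
// its serial is newer than the held one, so a replayed old list is ignored.
func (d *Device) Accept(s SignedList) (bool, error) {
	if !ed25519.Verify(d.CenterKey, s.Body, s.Sig) {
		return false, errors.New("prohibition list signature invalid")
	}
	var l ProhibitionList
	if err := json.Unmarshal(s.Body, &l); err != nil {
		return false, err
	}
	if l.Serial <= d.list.Serial {
		return false, nil
	}
	d.signed, d.list = s, l
	return true, nil
}

func contains(ids []string, id string) bool {
	for _, v := range ids {
		if v == id {
			return true
		}
	}
	return false
}

// MayPurchase refuses if the content or either of its providers is listed.
func (d *Device) MayPurchase(contentID, cpID, spID string) bool {
	return !contains(d.list.ContentIDs, contentID) &&
		!contains(d.list.ContentProviders, cpID) &&
		!contains(d.list.ServiceProviders, spID)
}

// Sync: the side with the newer list sends it; the receiver verifies it itself.
func Sync(a, b *Device) error {
	if a.list.Serial < b.list.Serial {
		a, b = b, a
	}
	if a.list.Serial == b.list.Serial {
		return nil
	}
	_, err := b.Accept(a.signed)
	return err
}

// newCenter returns a constructed service-center key pair (all-zero seed).
func newCenter() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := newCenter()
	v1, _ := Issue(priv, ProhibitionList{Serial: 1, ContentIDs: []string{"C-001"}})
	home := &Device{CenterKey: pub}
	fmt.Println(home.Accept(v1))                           // true <nil>
	fmt.Println(home.MayPurchase("C-001", "CP-1", "SP-1")) // false
}
```

Because each device keeps the signed bytes and re-verifies on receipt, an offline apparatus does not have to trust the apparatus that handed it the list, only the service center's key.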

[0835] Incidentally, if purchased contents are prohibited purchasing after its purchase or a provider of purchased
contents (a content provider 2 and a service provider 3) becomes an object of utilization suspension after purchase of
the contents, each apparatus (a home server 51 and an offline apparatus) in the user home network 5 does not prohibit 
utilization of the contents that are prohibited purchasing after its purchase or contents purchased from the provider 
(the content provider 2 and the service provider 3) that has become an object of utilization suspension before the 
utilization suspension, but prohibits redistribution and repurchase of the contents. 

[0836] Therefore, when redistributing and repurchasing already purchased contents, each apparatus (the home server
51 and the offline apparatus) in the user home network 5 detects whether or not an ID of contents that are objects
of the redistribution and the repurchase is registered in the purchase prohibition list, and if the ID of contents that are 
objects of the redistribution and the repurchase is registered in the purchase prohibition list, does not perform the 
redistribution and the repurchase of the contents. 

[0837] In addition, at the time of such redistribution and repurchase, each apparatus (the home server 51 and the
offline apparatus) in the user home network 5 detects whether or not an ID of a content provider and an ID of a service
provider included in a handling policy and price information corresponding to contents that is object of the redistribution
and the repurchase are registered in the purchase prohibition list, and if the ID of a content provider and the ID of a
service provider (indicating a provider of the contents) corresponding to contents that is object of the redistribution and
the repurchase are registered in the purchase prohibition list, does not perform redistribution and repurchase of the 
contents. 

[0838] In addition, although at the time of redistribution and repurchase each apparatus (the home server 51 and
the offline apparatus) detects, based on the purchase prohibition list of contents, whether or not the contents that are
objects of the redistribution and the repurchase are objects of purchase prohibition and whether or not the provider of
the contents (the content provider 2 and the service provider 3) has become an object of utilization suspension, if the
purchase prohibition list then held is not the latest one, the apparatus may, without knowing it, transmit the contents
to the other apparatus even though their repurchase is prohibited in the latest purchase prohibition list.

[0839] Thus, if contents are redistributed and repurchased, each apparatus (the home server 51 and the offline
apparatus) registers an ID of the redistributed and repurchased contents, an ID of a content provider and an ID of a
service provider indicating providers of the contents, and an ID of an encryption processing section provided in an
apparatus of a redistributor/repurchaser of the contents in a redistribution/repurchase list of contents shown in Figure
109, and saves the redistribution/repurchase list in, for example, a mass storage section. Incidentally, each time
redistribution and repurchase of contents are performed, each apparatus updates and saves a redistribution/repurchase
list.

[0840] Then, when receiving a purchase prohibition list of contents from another apparatus (i.e., when the home
server receives a purchase prohibition list from the electronic distribution service center 1, and when the offline
apparatus receives a purchase prohibition list from the home server 51 or another offline apparatus), each apparatus (the
home server 51 and the offline apparatus) retrieves information in the redistribution/repurchase list based on the ID of
the contents that are objects of purchase prohibition, the ID of the content provider and the ID of the service provider
that are objects of utilization suspension, which are registered in the purchase prohibition list.

[0841] As a result, if the ID of the contents that are objects of purchase prohibition, the ID of the content provider
and the ID of the service provider that are objects of utilization suspension are registered in the redistribution/repurchase
list (in other words, if the contents that have become objects of purchase prohibition and the contents purchased from
the provider (the content provider 2 and the service provider 3) that has become an object of utilization suspension
have been redistributed and repurchased), each apparatus (the home server 51 and the offline apparatus) determines that
an apparatus (a home server 51 or an offline apparatus) of the other party that redistributed and repurchased the
contents that have become objects of purchase prohibition or the contents purchased from the provider (the content
provider 2 and the service provider 3) that has become an object of utilization suspension is likely to have an old
purchase prohibition list before update, and transmits a purchase prohibition list to the other party's apparatus (i.e.,
when the other party's apparatus is connected) based on the ID of the corresponding encryption processing section
in the redistribution/repurchase list and causes the other party's apparatus to update its purchase prohibition list.

[0842] Here, redistribution processing and repurchase processing of contents performed among apparatuses of the
user home network 5 will be described in the case of the home server 51 with reference to a flow chart shown in Figure
110. That is, in step S890, the upper controller 62 in the home server 51 reads out a purchase prohibition list of contents
from the mass storage section 68, causes the signature verification unit 115 of the encryption processing section 65
to verify a signature of this purchase prohibition list, and as a result, if the purchase prohibition list is correct data,
the processing proceeds to step S891.

[0843] In step S891, the upper controller 62 retrieves information in the information prohibition list based on an ID
of contents that are objects of the redistribution processing and the repurchase processing, verifies whether or not the
ID of contents that are objects of the redistribution processing and the repurchase processing is registered in the
purchase prohibition list (i.e., whether or not contents that are objects of redistribution and repurchase are objects of
purchase prohibition), and if the ID of the contents is not registered in the purchase prohibition list (i.e., the contents
that are objects of the redistribution and the repurchase are not objects of purchase prohibition), the processing
proceeds to step S892.

[0844] In step S892, the upper controller 62 retrieves information in the purchase prohibition list based on an ID of
a content provider indicating a provider of contents that are objects of redistribution and repurchase (an ID of a content
provider stored in a handling policy), verifies whether or not the ID of the content provider is registered in the purchase
prohibition list (i.e., whether or not a content provider 2 that is a provider of the contents that are objects of the
redistribution and the repurchase is an object of utilization suspension), and if the ID of the content provider is not registered
in the purchase prohibition list (i.e., the content provider 2 that is a provider of the contents that are objects of the
redistribution and the repurchase is not an object of utilization suspension), the processing proceeds to step S893.

[0845] In step S893, the upper controller 62 retrieves information in the purchase prohibition list based on an ID of
a service provider indicating a provider of contents that are objects of the redistribution and the repurchase (an ID of
a service provider stored in price information), verifies whether or not the ID of the service provider is registered in the
purchase prohibition list (i.e., whether or not a service provider 3 that is a provider of contents that are objects of the
redistribution and the repurchase is an object of utilization suspension), and if the ID of the service provider is not
registered in the purchase prohibition list (i.e., the service provider 3 that is a provider of the contents that are objects
of the redistribution and the repurchase is not an object of utilization suspension), the processing proceeds to step S894.

[0846] In step S894, the upper controller 62 reads out a redistribution/repurchase list of contents from the mass
storage section 68 and forwards it to the control section 91 of the encryption processing section 65, and the control
section 91 verifies a signature attached to the redistribution/repurchase list using the signature verification unit 115,
and if the redistribution/repurchase list is correct data, the processing proceeds to step S895.
[0847] In step S895, when a public key certificate of an offline apparatus that is a counterpart of redistribution
processing and repurchase processing is sent from the offline apparatus, the upper controller 62 receives this by the
communication section 61, and forwards the received public key certificate to the control section 91 of the encryption processing
section 65. Then, the control section 91 performs mutual authentication with the counterpart offline apparatus by this
public key certificate using the mutual authentication module 95, and as a result, when the counterpart offline apparatus
is authenticated, the processing proceeds to step S896, where the control section 91 additionally registers an ID of an
encryption processing section in the offline apparatus included in the public key certificate (the public key certificate
used for the mutual authentication in step S895) in the previously verified redistribution/repurchase list of contents,
and at the same time, additionally registers a corresponding ID of contents that are objects of the redistribution and
the repurchase, ID of a content provider and ID of a service provider, and the processing proceeds to step S897.
[0848] In step S897, the control section 91 regenerates a signature of the redistribution/repurchase list obtained in
step S896 using the signature generation unit 14, forwards the redistribution/repurchase list whose signature was
regenerated to the mass storage section 68 via the upper controller 62, and saves the redistribution/repurchase list in
the mass storage section 68 in the following step S898.

[0849] Then, in step S899, the upper controller 62 redistributes and repurchases the contents that are objects of the
redistribution and the repurchase.

[0850] Incidentally, when the upper controller 62 determines in step S890 that the data is not correct because the
purchase prohibition list has been tampered with or the like, the processing proceeds to step S900, where the upper
controller 62 detects whether or not an apparatus in which the upper controller 62 is provided is the home server 51,
and in this case, since the apparatus in which the upper controller 62 is provided is the home server 51, the processing
proceeds to step S901, where the upper controller 62 obtains a purchase prohibition list again from the electronic
distribution service center 1.

[0851] In addition, in step S900, if the apparatus executing the redistribution and the repurchase of contents is an
offline apparatus, the processing proceeds to step S902, where the apparatus executing the redistribution
and the repurchase of the contents obtains a purchase prohibition list again from an apparatus that is a counterpart of
the redistribution processing and the repurchase processing of the contents (the home server 51 or another apparatus).

[0852] Then, when having obtained the purchase prohibition list in this way, the home server 51 and the offline
apparatus verify a signature of the purchase prohibition list, and if the purchase prohibition list is correct data, the
processing proceeds to step S891.

[0853] As described above, if an ID of contents that are objects of redistribution and repurchase, an ID of a content
provider indicating a provider of the contents and an ID of a service provider do not exist in a purchase prohibition list,
the home server 51 determines that the contents of the redistribution and the repurchase are not objects of purchase
prohibition and are not those provided from a content provider 2 and a service provider 3 that are objects of utilization
suspension, and redistributes and repurchases the contents that are objects of the redistribution and the repurchase
with a counterpart offline apparatus. In addition, at this moment, the home server 51 updates a redistribution/repurchase
list of contents and saves it in the mass storage section 68.

[0854] On the other hand, if an ID of contents that are objects of redistribution and repurchase is registered in a purchase
prohibition list in step S891, if an ID of a content provider indicating a provider of the contents is registered in the
purchase prohibition list in step S892, or if an ID of a service provider indicating a provider of the contents is registered
in the purchase prohibition list in step S893, the upper controller 62 in the home server 51 determines that the contents
that are objects of the redistribution and the repurchase are objects of purchase prohibition or that the contents are
those provided from a content provider 2 or a service provider 3 that is an object of utilization suspension, executes error
processing in step S904, and thereby suspends the redistribution and the repurchase of the contents that are objects of
redistribution and repurchase.

[0855] Incidentally, if it is determined that the redistribution/repurchase list of contents is incorrect data
because it has been tampered with or the like as a result of verification of the redistribution/repurchase list in step S894, and if
it is determined that a purchase prohibition list is incorrect data because it has been tampered with or the like as a result of verification
of a signature of the purchase prohibition list of contents in step S902, the upper controller 62 executes error processing
and suspends redistribution and repurchase of the contents that are objects of the redistribution and the repurchase.
[0856] Thus, even if purchased contents become objects of purchase prohibition or a provider of the contents (a
content provider 2 and a service provider 3) becomes an object of utilization suspension, the home server 51 can
prohibit redistribution and repurchase of the contents. Incidentally, other offline apparatuses excluding the home server
51 in the user home network 5 can execute redistribution/repurchase processing as the home server 51 does, thereby
prohibiting redistribution and repurchase of purchased contents that have become objects of purchase prohibition or
contents that were purchased from a provider (a content provider 2 and a service provider 3) of contents that has
become an object of utilization suspension.

[0857] Further, in the home server 51, when a purchase prohibition list of contents transmitted by the electronic
distribution service center 1 via a predetermined transmission means is transmitted by the communication section 61,
the upper controller 62 forwards the purchase prohibition list of the contents to the encryption processing section 65,
and causes the signature verification unit 115 of the encryption processing section 65 to verify the signature.
Subsequently, the upper controller 62 reads out a redistribution/repurchase list of contents from the mass storage section
68, transmits it to the encryption processing section 65, and causes the signature verification unit 115 of the encryption
processing section 65 to verify the signature.

[0858] Then, if an ID of contents that are objects of purchase prohibition registered in a purchase prohibition list of
contents is registered in a redistribution/repurchase list, the upper controller 62 transmits the purchase prohibition list
to a counterpart offline apparatus or the like that has redistributed and repurchased the contents that are objects of
purchase prohibition, thereby causing the counterpart offline apparatus to update the purchase prohibition list. Similarly,
if an ID of a content provider or an ID of a service provider that is an object of utilization suspension registered in the
purchase prohibition list is registered in the redistribution/repurchase list of contents, the upper controller 62 transmits
the purchase prohibition list to a counterpart offline apparatus or the like that has redistributed or repurchased contents
purchased from a content provider 2 or a service provider 3 that has become an object of utilization suspension, thereby
causing the counterpart offline apparatus to update the purchase prohibition list.

[0859] Thus, between the home server 51 connected online to the electronic distribution service center 1 and an
offline apparatus, by executing retrieval processing in a redistribution/repurchase list based on a purchase prohibition
list each time the purchase prohibition list is obtained, even if contents already redistributed and repurchased become
objects of purchase prohibition or a provider of the contents (a content provider 2 and a service provider 3) becomes
an object of utilization suspension, it is possible to prevent the contents from being redistributed and repurchased again.
[0860] Incidentally, between offline apparatuses, by executing processing similar to the retrieval processing in a
redistribution/repurchase list performed between the home server 51 and an offline apparatus, even if contents already
redistributed and repurchased become objects of purchase prohibition or a provider of the contents (a content provider
2 and a service provider 3) becomes an object of utilization suspension, it is possible to prevent the contents from
being redistributed and repurchased again.
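
The redistribution check of steps S890 to S899 and the list push-back of [0840] and [0841], as an added Python example that is not code from this document: an HMAC with a constructed key stands in for the signature generation and verification units, mutual authentication (S895) is assumed to have succeeded, and all class, function and field names are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: one shared HMAC key stands in for the public-key signatures that
# the signature generation and verification units produce in the text.
DEMO_KEY = b"constructed-demo-key"


def seal(body):
    """Attach a signature to a list body (stand-in for signature generation)."""
    blob = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(DEMO_KEY, blob, hashlib.sha256).hexdigest()}


def verified(signed):
    """Return the body when the signature matches, otherwise None."""
    if signed and hmac.compare_digest(seal(signed["body"])["sig"], signed["sig"]):
        return signed["body"]
    return None


def blocked(plist, content_id, cp_id, sp_id):
    """Steps S891-S893: look up content, content provider and service provider IDs."""
    return (content_id in plist["contents"]
            or cp_id in plist["content_providers"]
            or sp_id in plist["service_providers"])


class Apparatus:
    def __init__(self, crypto_id, prohibition):
        self.crypto_id = crypto_id      # ID of the encryption processing section
        self.prohibition = prohibition  # signed purchase prohibition list
        self.redist_log = seal([])      # signed redistribution/repurchase list

    def redistribute(self, peer, content_id, cp_id, sp_id, refetch=None):
        plist = verified(self.prohibition)                      # S890
        if plist is None:
            # S900-S902: obtain the list again (service center or counterpart).
            fresh = refetch() if refetch else None
            plist = verified(fresh)
            if plist is None:
                return "error: purchase prohibition list invalid"
            self.prohibition = fresh
        if blocked(plist, content_id, cp_id, sp_id):            # S891-S893
            return "error: prohibited"                          # S904
        log = verified(self.redist_log)                         # S894
        if log is None:
            return "error: redistribution/repurchase list invalid"
        # S895: mutual authentication with the peer is assumed to have succeeded.
        entry = {"peer": peer.crypto_id, "content": content_id,
                 "cp": cp_id, "sp": sp_id}
        self.redist_log = seal(log + [entry])                   # S896-S898
        return "ok"                                             # S899

    def receive_prohibition_list(self, signed, connected):
        """[0840]-[0841]: adopt a new list, then push it to every connected peer
        that earlier received something the new list now prohibits."""
        new, log = verified(signed), verified(self.redist_log)
        if new is None or log is None:
            return []
        self.prohibition = signed
        stale = sorted({e["peer"] for e in log
                        if blocked(new, e["content"], e["cp"], e["sp"])})
        for peer_id in stale:
            if peer_id in connected:
                connected[peer_id].prohibition = signed
        return stale


if __name__ == "__main__":
    # Constructed sample lists and IDs.
    empty = {"contents": [], "content_providers": [], "service_providers": []}
    home = Apparatus("EPS-HOME", seal(dict(empty, version=1)))
    player = Apparatus("EPS-PLAYER", seal(dict(empty, version=1)))
    print(home.redistribute(player, "C-100", "CP-2", "SP-3"))
    newer = seal(dict(empty, version=2, contents=["C-100"]))
    print(home.receive_prohibition_list(newer, {"EPS-PLAYER": player}))
    print(home.redistribute(player, "C-100", "CP-2", "SP-3"))
```
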

[0861] In the above-mentioned configuration, the electronic music distribution system 10 prepares a purchase
prohibition list of contents by the electronic distribution service center 1, and transmits the prepared purchase prohibition
list to the home server 51 in the user home network 5 connected online to the electronic distribution service center 1.
In addition, in the user home network 5, the home server 51 transmits the purchase prohibition list of contents to an
offline apparatus not connected online to the electronic distribution service center 1, and at the same time, purchase
prohibition lists held by offline apparatuses are compared with each other among the offline apparatuses at the time
of communication, and if one is the purchase prohibition list updated later than the other, the apparatuses mutually
hold this new purchase prohibition list.

[0862] Then, in the user home network 5, if contents are distributed from a content provider 2 via a service provider
3, or if contents are transmitted from another apparatus in the user home network 5, each apparatus (a home server
51 and an offline apparatus) determines whether or not the contents are objects of purchase prohibition and the content
provider 2 and the service provider 3 that are providers of the contents are objects of utilization prohibition using a
purchase prohibition list, and when the contents are objects of purchase prohibition or the content provider 2 and the
service provider 3 are objects of utilization prohibition, suspends purchase of the contents.

[0863] Therefore, in such an electronic music distribution system 10, each apparatus (the home server 51 and an
offline apparatus) in the user home network 5 can prevent contents that are objects of purchase prohibition or contents
provided from a content provider 2 and/or a service provider 3 that are objects of utilization prohibition from being
purchased.

[0864] In addition, in the electronic music distribution system 10, if contents redistributed and repurchased among
apparatuses in the user home network 5 have become objects of purchase prohibition, or if a content provider 2 and a
service provider 3 that are providers of the contents have become objects of utilization suspension, since the
apparatuses transmit a purchase prohibition list to a counterpart apparatus that has executed the redistribution processing
and the repurchase processing of the contents based on an ID of an encryption processing section in a
redistribution/repurchase list of contents, diffusion of illegal contents from the counterpart apparatus to other apparatuses can be
prevented.

[0865] According to the above-mentioned configuration, since a purchase prohibition list of contents is prepared in
the electronic distribution service center 1, the purchase prohibition list is held by each apparatus (the home server 51
and an offline apparatus) in the user home network 5, and each apparatus in the user home network 5 suspends
purchase of contents that are objects of purchase prohibition and contents transmitted from a content provider 2 and
a service provider 3 that are objects of utilization prohibition based on the purchase prohibition list, in each apparatus
in the user home network 5, purchase of the contents that are objects of purchase prohibition and the contents provided
from the content provider 2 or the service provider 3 can be prevented, thus it is possible to realize an electronic music
distribution system that is capable of substantially certainly preventing contents that are objects of provision prohibition
from being utilized.

[0866] Incidentally, although an ID of contents that are objects of purchase prohibition, and IDs of a content provider
2 and a service provider 3 that are objects of utilization prohibition are respectively registered in a purchase prohibition
list, it is sufficient that at least an ID of contents that are objects of purchase prohibition is registered.
[0867] In addition, although a purchase prohibition list of contents is held in a mass storage section in each apparatus 
in the user home network 5, the purchase prohibition list may be held in various kinds of storage media such as an 
external memory. 

[0868] Moreover, although an encryption processing section determines whether or not contents to be purchased
are objects of purchase prohibition based on a purchase prohibition list in each apparatus in the user home network
5, this determination processing may be executed by an upper controller.

[0869] Furthermore, in such an electronic music distribution system 10, when illegal contents flow into the system,
if an ID of the contents can be found, purchase of the illegal content in an apparatus in the user home network 5 can
be prevented.

[0870] Furthermore, if it is found that contents that are objects of purchase prohibition are held in an apparatus in the
user home network 5 by verifying a purchase prohibition list, information indicating that redistribution and the repurchase
of the contents are prohibited may be embedded in a predetermined region in license conditions information
corresponding to the contents. Similarly, with respect to contents purchased from a content provider 2 and a service provider
3 that are objects of utilization prohibition, information indicating that redistribution and the repurchase of the contents
are prohibited may be embedded in a predetermined region in license conditions information corresponding to the
contents. Thus, when redistributing and repurchasing contents, the contents that are objects of redistribution and
repurchase can be easily identified by looking at corresponding license conditions information without retrieving through
a purchase prohibition list of contents.


(13) Other configuration of an electronic music distribution system 

[0871] Figure 111 illustrates an electronic music distribution system 400 of another configuration. In such an electronic
music distribution system 400, personal computers (hereinafter referred to as personal computers for signal processing)
403 and 406 for signal processing between a content provider 404 consisting of two personal computers 402 and 403
for a content server and for signal processing and a service provider 407 consisting of two personal computers 405
and 406 for a content server and for signal processing as well are connected to an electronic distribution service center
401 of a personal computer configuration.

[0872] In addition, the personal computer 403 for signal processing of the content provider 404 is connected to the
personal computer 406 for signal processing of the service provider 407, and a home server 409 of a personal computer
configuration provided in a user home network 408 is also connected via a network 4.

[0873] In the user home network 408, a fixed apparatus 410 such as a fixed type record reproduction apparatus and
a portable apparatus 411 such as a portable type record reproduction apparatus and a portable type communication
terminal (a portable type information apparatus, a cellular phone, or the like) are connected to the home server 409.

[0874] As shown in Figure 112, in the electronic distribution service center 401, a RAM (Random Access Memory)
417, a ROM (Read Only Memory) 418, a display 419, an input section 420, a hard disk drive (HDD) 421 and a network
interface 422 are connected to a control section 415 such as a CPU (Central Processing Unit) via a bus 416.
[0875] In this case, the control section 415 can execute processing similar to that of the service provider management
section 11, the content provider management section 12, the copyright management section 13, the key server 14, the
history data management section 15, the profit distribution section 16, the mutual authentication section 17, the user
management section 18, the charge billing section 19, the disbursement and receipt section 20 and the audit section
21 in the electronic distribution service center 1 described above for Figure 2 in accordance with various kinds of
programs stored in the ROM 418 in advance by reading out and developing the programs on the RAM 417.
[0876] In addition, the control section 415 records a key used for the entire system (a delivery key and an individual
key Ki, etc.), and various kinds of information such as charge information, price information, a handling policy, and a
user registration database in a hard disk of the hard disk drive 421, thereby holding and managing these various kinds
of information.

[0877] Moreover, the control section 415 can communicate with the content provider 404, the service provider 407,
the user home network 408, JASRAC and the like via the network interface 422, and thus can give and receive various
kinds of information such as a delivery key, an individual key encrypted by the delivery key Kd, charge information,
price information, a handling policy, registration information, utilization results of contents with the content provider 404,
the service provider 407, the user home network 408, JASRAC and the like.
[0878] In this way, the electronic distribution service center 401 of a personal computer configuration can realize a
function similar to that of the electronic distribution service center 1 described above for Figure 2 in accordance with
various kinds of programs.

[0879] Incidentally, in the electronic distribution service center 410, although the input section 420 and the display
419 may not be provided because these are not specifically used, the input section 420 and the display section 419
may be used for confirming various kinds of information recorded in the hard disk drive 421.

[0880] In addition, in the electronic distribution service center 401, various kinds of programs may be recorded in a 
hard disk of the hard disk drive 421 instead of the ROM 418. 

[0881] Figure 113 is a block diagram showing a configuration of the content provider 404 in which the personal
computer for a content server (hereinafter referred to as a personal computer for a server) 402 is configured with a
RAM 427, a ROM 428, a display 429, an input section 430, a hard disk drive 431 storing contents to be supplied to
a user in a hard disk, and an IEEE (Institute of Electrical and Electronics Engineers) 1394 interface 432 connected to
a control section 430 such as a CPU via a bus 426.

[0882] In addition, in the content provider 404, the personal computer for signal processing 403 is configured with
a RAM 437, a ROM 438, a display 439, an input section 440, a hard disk drive 441, a network interface 442 for
connection with the electronic distribution service center 401 and the service provider 407, an IEEE 1394 interface 432
of the personal computer for a server 402 and an IEEE1394 interface 444 connected via an IEEE1394 cable 443
connected to a control section 435 such as a CPU via a bus 436.

[0883] In this case, the control section 425 of the personal computer 402 reads out a predetermined program stored
in the ROM 428 in advance and develops it on the RAM 427, thereby operating in accordance with the program, and
when a read-out instruction of contents is transmitted from the control section 435 of the personal computer 403 for
signal processing via the IEEE1394 cable 443, takes in the read-out instruction via the IEEE 1394 interface 432, reads
out the contents from a hard disk of the hard disk drive 431 based on the taken in read-out instruction of the contents,
and at the same time, transmits the read out contents to the personal computer for signal processing 403 from the
IEEE1394 interface 432 via the IEEE1394 cable 443.

[0884] Incidentally, in the personal computer 402 for a server, although the input section 430 and the display 429
may not be provided by not specifically using the input section 430 and the display 429, the input section 430 and the
display 429 may be used for confirming contents recorded in the hard disk drive 431, storing new contents in the hard
disk drive 431 and deleting contents.

[0885] In addition, in the personal computer 402 for a server, a program may be recorded in the hard disk of the hard
disk drive 431 in advance instead of the ROM 428.

[0886] On the other hand, in the content provider 404, the control section 435 of the personal computer 403 for signal
processing records an individual key Ki, an individual key Ki encrypted by a delivery key Kd and a public key certificate
of the content provider 404 in the hard disk of the hard disk drive 439, thereby maintaining and managing the individual
key Ki, the individual key Ki encrypted by a delivery key and the public key certificate of the content provider 404.

[0887] And, the control section 435 can execute processing similar to that of the electronic watermark addition
section 32, the compression section 33, the content encryption section 34, the content key generation section 35, the
content key encryption section 36, the handling policy generation section 37, the signature generation section 38 and
the mutual authentication section 39 of the contents provider 2 described above with reference to Figure 9 in accordance
with predetermined various kinds of programs by reading out the predetermined various kinds of programs, which are
stored in the ROM 438 in advance, and developing them on the RAM 437.

[0888] Thus, the personal computer for signal processing 403 can give and receive a delivery key Kd, an individual
key Ki encrypted by the delivery key Kd, a handling policy, and a content provider secure container with the electronic
distribution service center 401 and the service provider 407 via the network interface 442.

[0889] In this way, the content provider 404 of a personal computer configuration can realize a function similar to
that of the content provider 2 described above for Figure 9 in accordance with various kinds of programs.

[0890] Incidentally, in the personal computer 403 for signal processing, although the input section 440 and the display
439 may not be provided by not specifically using the input section 400 and the display 439, the input section 440 and
the display 439 may be used for confirming an individual key Ki, an individual key Ki encrypted by the delivery key Kd,
a public key certificate of the content provider 404, or the like recorded in the hard disk drive 441.
[0891] In addition, in the personal computer 403 for signal processing, various kinds of programs may be recorded
in the hard disk of the hard disk drive 441 instead of the ROM 438. Further, in the personal computer for signal
processing 403, an individual key Ki may be held by giving a tamper resistant feature to the RAM 437.

[0892] Further, in the content provider 404, although the personal computer for signal processing 403 and the
personal computer for a server 402 are connected via the IEEE 1394 cable 443, the personal computer for signal processing
403 and the personal computer for a server 402 may be line connected via a predetermined signal cable such as a
USB (Universal Serial Bus) cable, an RS-232C cable, or the like, or wireless connected via predetermined wireless
communicating means.

[0893] Figure 114 is a block diagram showing a configuration of the service provider 407, and the personal computer
405 for a server is configured with a RAM 447, a ROM 448, a display 449, an input section 450, a hard disk drive
451 storing a content provider secure container and a public key certificate of the content provider 404 in a hard disk,
and IEEE1394 interface 452 connected to a control section 445 such as a CPU via a bus 446.

[0894] In addition, in the service provider 407, the personal computer for signal processing 406 is configured with 
10 an RAN 456, an ROM 457, a display 458, an input section 449, a hard disk drive 460, a network interface 461 for 
connection with the electronic distribution service center 401 and the content provider 404, an IEEE1 394 interface 463 
connected with an IEEE1394 interface 452 of the personal computer for a server 405 via an IEEE1394 cable 462, and 
a modem 46 for connecting with the user home network 408 via the network 4 connected to a control section 454 such 
as a CPU via a bus 455. 

[0895] In this case, the control section 445 of the personal computer for a server 405 reads out a predetermined
program stored in the ROM 448 in advance and develops it on the RAM 447, thereby operating in accordance with the
program, and when a content provider secure container and a public key certificate of the content provider 404 are given
together with a writing instruction for these from the control section 454 of the personal computer for signal processing
406 via the IEEE1394 cable 462, takes in the writing instruction via the IEEE1394 interface 452, writes the content
provider secure container and the public key certificate of the content provider 404 in the hard disk of the hard disk
drive 451 based on the taken in writing instruction, and at the same time, when a read-out instruction of a content
provider secure container and a public key certificate of the content provider 404 is given from the control section 454
of the personal computer 406 for signal processing via the IEEE1394 cable 462, takes in the read-out instruction via
the IEEE1394 interface 452, reads out the content provider secure container and the public key certificate of the content
provider 404 from the hard disk of the hard disk drive 451 based on the taken in read-out instruction, and at the same
time, transmits the read out content provider secure container and public key certificate of the content provider 404 to
the personal computer for signal processing 406 from the IEEE1394 interface 452 via the IEEE1394 cable 462.

[0896] Incidentally, in the personal computer for a server 405, although the input section 450 and the display 449
may not be provided by not specifically using the input section 450 and the display 449, the input section 450 and the
display 449 may be used for confirming a content provider secure container and a public key certificate of the content
provider 404 recorded in the hard disk drive 451.

[0897] In addition, in the personal computer for a server 405, a program may be recorded in the hard disk of the hard 
disk drive 451 in advance instead of the ROM 448. 

[0898] On the other hand, in the service provider 407, the control section 454 of the personal computer for signal
processing 406 records a public key certificate of the service provider 407 in the hard disk of the hard disk drive 460,
and maintains and manages a secret key of the service provider 407 by giving a tamper resistant feature to the RAM 456.

[0899] The control section 454 reads out predetermined various kinds of programs stored in the ROM 457 and
develops them on the RAM 456, and is thereby capable of executing processing similar to that of the certificate verification
section 42, the signature verification section 43, the pricing section 44, the signature generation section 45 and the
mutual authentication section 46 of the service provider 3 described above for Figure 14 in accordance with the various
kinds of programs.

[0900] Thus, the personal computer for signal processing 406 can give and receive price information, a content
provider secure container, or the like with the electronic distribution service center 401 and the content provider 407
via the network interface 442, and at the same time, transmit a service provider secure container to the user home
network 408 via the modem 464.

[0901] In this way, the service provider 407 of a personal computer configuration can realize a function similar to that
of the service provider 3 described above for Figure 14 in accordance with various kinds of programs.

[0902] Incidentally, in the personal computer 406 for signal processing, although the input section 459 and the display
458 may not be provided by not specifically using the input section 459 and the display 458, the input section 459 and
the display 458 may be used for confirming a public key certificate of the service provider 407 or the like recorded in
the hard disk drive 460.

[0903] In addition, in the personal computer for signal processing 406, various kinds of programs may be recorded in
the hard disk of the hard disk drive 460 in advance instead of the ROM 457.

[0904] Moreover, in the service provider 407, although the personal computer for signal processing 406 and the
personal computer for a server 405 are connected via the IEEE1394 cable 462, the personal computer for signal
processing 406 and the personal computer for a server 405 may be connected by wire via a predetermined signal cable
such as a USB cable, an RS-232C cable or the like, or may be connected wirelessly via predetermined wireless
communicating means.




[0905] Figure 115 is a block diagram showing a configuration of the user home network 408, and the home server
409 of a personal computer configuration is configured with an RAM 467, an ROM 468, a display 469, an input section
470, a hard disk drive 471, an IEEE1394 interface 472, a modem 473 for connecting with the service provider 407 via
the network 4, and a network interface 474 for connection with the electronic distribution service center 401 connected
to a control section 465 such as a CPU via a bus 466.

[0906] In addition, in the user home network 408, the fixed apparatus 410 is configured with an RAM 477, an ROM
478, a display 479, an input section 480, a record reproduction section 481, a media interface 483 for a recording
medium 482, and an IEEE1394 interface 495 connected with the IEEE1394 interface 472 of the home server via an
IEEE1394 cable 484 connected to a control section 475 such as a CPU via a bus 476.

[0907] Moreover, in the user home network 408, the portable apparatus 411 is configured with an RAM 492, an ROM
493, a display 494, an input section 495, and an IEEE1394 interface 497 connected with the IEEE1394 interface 472
of the home server via an IEEE1394 cable 496 connected to a control section 490 such as a CPU via a bus 491.

[0908] In this case, the control section 465 of the home server 409 reads out various kinds of programs stored in the
ROM 468 in advance and develops them on the RAM 467, and is thereby capable of executing processing similar to that of
the upper controller 62, the encryption processing section 65 and the extension section 66 of the home server 51
described above for Figure 15 in accordance with the various kinds of programs.

[0909] In addition, the display 469 of the home server 409 has a function similar to that of the displaying means 64
of the home server 51 described above for Figure 15, and the input section 470 of the home server 409 has a function
similar to that of the inputting means 63 of the home server 51 described above for Figure 15. Moreover, the hard disk
drive 471 of the home server 409 has a function similar to that of the mass storage section 68 of the home server 51
described above for Figure 15, and at the same time, the modem 473 and the network interface 474 as well as the
IEEE1394 interface 472 have a function similar to that of the communication section 61 of the home server 51 described
above for Figure 15, and the RAM 467 of the home server 409 has a function similar to that of the external memory
67 of the home server 51 described above for Figure 15.

[0910] Therefore, the home server 409 of a personal computer configuration can realize a function similar to that of
the home server 51 described above for Figure 15 in accordance with the various kinds of programs.

[0911] Incidentally, in the home server 409, various kinds of programs may be recorded in the hard disk of the hard
disk drive 471 in advance instead of the ROM 468, or the hard disk drive 471 may be caused to function in a similar
manner to the external memory 67 described above for Figure 15. In addition, in the home server 409, the modem
473 and the network interface 474 may be a single interface such as a modem depending on a communication form
with the service provider 407 and the electronic distribution service center 401. Moreover, in the home server 409, the
fixed apparatus 410 and the portable apparatus 411 may be connected by wire via a predetermined signal cable such as
a USB cable or an RS-232C cable, or may be connected wirelessly via predetermined wireless communicating means.
[0912] On the other hand, in the user home network 408, the control section 475 of the fixed apparatus 410 reads
out various kinds of programs stored in the ROM 478 in advance and develops them on the RAM 477, and is thereby capable
of executing processing similar to that of the upper controller 72, the encryption processing section 73 and the extension
section 74 of the fixed apparatus 52 described above for Figure 15 in accordance with the various kinds of programs.

[0913] In addition, the display 479 of the fixed apparatus 410 has a function similar to that of the displaying means 78 of
the fixed apparatus 52 described above for Figure 15, and at the same time, the input section 480 has a function similar
to that of the inputting means 77 of the fixed apparatus 52 described above for Figure 15, and the IEEE1394 interface
485 has a function similar to that of the communication section 71 of the fixed apparatus 52 described above for Figure
15. Moreover, the record reproduction section 481 of the fixed apparatus 410 has a function similar to that of the record
reproduction section 76 of the fixed apparatus 52 described above for Figure 15, and at the same time, the recording
medium 482 has a function similar to that of the recording medium 80 of the fixed apparatus 52 described above for Figure
15, and the RAM 477 of the fixed apparatus 410 has a function similar to that of the external memory 79 and the small
storage section 75 of the fixed apparatus 52 described above for Figure 15.

[0914] Therefore, the fixed apparatus 410 of the user home network 408 can realize a function similar to that of the
fixed apparatus 52 of the user home network 5 described above for Figure 15 in accordance with various kinds of
programs.

[0915] Incidentally, in the fixed apparatus 410, by providing a hard disk drive anew, various kinds of programs may
be recorded in a hard disk of the hard disk drive in advance instead of the ROM 478, or the hard disk drive may be
caused to function in a similar manner to the external memory 79 and the small storage section 75 of the fixed
apparatus 52 described above for Figure 15. In addition, in the fixed apparatus 410, if the recording medium 482 is of a
semiconductor memory configuration, the control section 475 may be caused to realize a function of the record
reproduction section 481 in accordance with a predetermined program.

[0916] In the user home network 408, the control section 490 of the portable apparatus 411 reads out various kinds
of programs stored in the ROM 493 in advance and develops them on the RAM 492, and is thereby capable of executing
processing similar to that of the upper controller 82, the encryption processing section 83 and the extension section
84 of the portable apparatus 53 described above for Figure 15 in accordance with the various kinds of programs.

[0917] In addition, the RAM 492 of the portable apparatus 411 has a function similar to that of the external memory
85 of the portable apparatus 53 described above for Figure 15, and the IEEE1394 interface 497 has a function similar
to that of the communication section 81 of the portable apparatus 53 described above for Figure 15. Moreover, in the
portable apparatus 411, the display 494 and the input section 495 can be utilized at the time of reproducing contents.

[0918] Therefore, the portable apparatus 411 of the user home network 408 can realize a function similar to that of
the portable apparatus 53 of the user home network 5 described above for Figure 15 in accordance with various kinds
of programs.

[0919] Incidentally, in the portable apparatus 411, a detachable recording medium may be provided for recording
and reproducing contents.

[0920] In the above-mentioned configuration, in such an electronic music distribution system 400, the electronic 
distribution service center 401, the content provider 404, the service provider 407 and the home server 409 of the user
home network 408 are respectively configured as a personal computer configuration. 

[0921] Therefore, in the electronic music distribution system 400, the electronic distribution service center 401, the 
content provider 404, the service provider 407 and the home server 409 do not need to be produced in a hardware
configuration anew, and the system can be easily constructed using these personal computers simply by installing 
various kinds of programs in an existing personal computer. 

[0922] According to the above-mentioned configuration, by constructing the electronic music distribution system 400 
using the electronic distribution service center 401, the content provider 404, the service provider 407 and the home
server 409 of a personal computer configuration, an existing personal computer can be easily used as the electronic
distribution service center 401, the content provider 404, the service provider 407 and the home server 409, thus the 
system can be easily and simply constructed. 

[0923] Further, in such an electronic music distribution system 400, although the case in which the electronic
distribution service center 401, the content provider 404, the service provider 407, the home server 409, the fixed apparatus
410 and the portable apparatus 411 are operated in accordance with various kinds of programs stored in the ROMs
418, 428, 438, 448, 457, 468, 478 and 493 in advance has been described, by installing a program storing medium
recording various kinds of programs in the electronic distribution service center 401, the content provider 404, the
service provider 407, the home server 409, the fixed apparatus 410 and the portable apparatus 411, distribution service
center 401, the content provider 404, the service provider 407, the home server 409, the fixed apparatus 410 and the
portable apparatus 411 may be operated respectively in accordance with the various kinds of programs stored in the
program storing medium and various kinds of programs transferred to a hard disk or the like from the program storing
medium.

[0924] Incidentally, a program storing medium used for operating distribution service center 401, the content provider
404, the service provider 407, the home server 409, the fixed apparatus 410 and the portable apparatus 411 may be
realized not only by a package medium such as a CD-ROM (Compact Disk-Read Only Memory) but also by a
semiconductor memory and a magnetic disk in which a program is temporarily or permanently stored. In addition, as means
for storing a program in these program storing media, a wired or wireless communication medium such as a local area
network, the Internet, the digital satellite broadcast, or the like may be utilized, or a program may be stored with
interposition of various kinds of communication interfaces such as a router or a modem.

Industrial Applicability 

[0925] The present invention can be utilized for an information transmission apparatus such as a provider for
providing contents such as music, video, a game program or the like, an information receipt apparatus such as a personal
computer or a cellular phone for receiving the provided contents, and a network system that is constructed from these
information transmission apparatus and information receipt apparatus.



Claims 

1. An information sending system for sending predetermined contents data from an information sending apparatus
to an information receiving apparatus, wherein said information sending apparatus comprises:

means for holding identification information to identify said information sending apparatus encrypted by a
distribution key unique to said information receiving apparatus;

means for adding said identification information to said contents data in order to make a comparison with said
identification information encrypted by said distribution key; and

means for sending said identification information encrypted by said distribution key together with said contents
data with said identification information added; and
said information receiving apparatus comprises:

means for holding said distribution key;

means for receiving said contents data with said identification information added and said identification
information encrypted by said distribution key;

means for decrypting by said distribution key said identification information encrypted by the distribution
key; and

means for comparing said identification information added to said contents data with said decrypted
identification information.

2. The information sending system according to claim 1, wherein said information sending apparatus comprises:

means for generating handling policies, that is, generating contents handling policies prescribing conditions
for using said contents data and storing said identification information, and
said means for adding identification information adds said contents handling policies to said contents data.

3. The information sending system according to claim 1, wherein said means for adding identification information of
said information sending apparatus directly adds said identification information to said contents data.

4. The information sending system according to claim 1, wherein said information sending apparatus comprises:

means for encrypting said contents data by a predetermined content key;
means for encrypting said contents key by a predetermined individual key;

means for adding signature data for checking illegal data and tampering to said contents key encrypted by
said individual key and said identification information encrypted by said distribution key; and
said information receiving apparatus comprises means for verifying said signature data.

5. The information sending system according to claim 4, wherein said means for adding a signature of said information
sending apparatus adds said signature data to said contents data encrypted by said content key, and if album
contents data storing a plurality of said contents data encrypted by said content key to which the signature data
is added is generated, it also adds said signature data to the album contents data; and

said means for verifying a signature of said information receiving apparatus verifies said signature data added
to said album contents data, and if it determines that said album contents data is correct data as a result of the
verification, it omits verification of said signature data added to each of said contents data encrypted by said content
key stored in said album contents data.

6. The information sending system according to claim 5, wherein said means for adding a signature of said information
sending apparatus adds said signature data to said contents key encrypted by said individual key and said
identification information encrypted by said distribution key respectively, and corresponding to said album contents
data, if album key data is generated by storing a plurality of said contents keys encrypted by said individual key
and said identification information encrypted by said distribution key to which said signature data is added, it also
adds said signature data to the album key data; and

said means for verifying a signature of said information receiving apparatus verifies said signature data added
to said album key data, and if it determines that said album key data is correct data as a result of the verification,
it omits verification of said signature data added to said contents key encrypted by said individual key and said
identification information encrypted by said distribution key stored in the album key data respectively.

7. The information sending system according to claim 6, wherein said information sending apparatus comprises:

means for generating handling policies, that is, generating contents handling policies prescribing conditions
for using said contents data and storing said identification information, and

said means for adding a signature of said information sending apparatus adds said signature data to said
contents data handling policies, and corresponding to said album contents data, if album handling policies are
generated by storing a plurality of said contents handling policies to which said signature data is added, it also
adds said signature data to the album handling policies; and

said means for verifying a signature of said information receiving apparatus verifies said signature data added
to said album handling policies, and if it determines that said album handling policies are correct data as a
result of the verification, it omits verification of said signature data added to said contents handling policies
stored in the album handling policies.

8. The information sending system according to claim 7, wherein said information sending apparatus comprises the
means for creating contents price information showing a price for said contents data, and

said means for adding a signature of said information sending apparatus adds said signature data to said 
contents price information, and corresponding to said album contents data, if album price information data 
storing a plurality of said contents price information to which said signature data is added is generated, it also 
adds said signature data to the album price information; and 

said means for verifying a signature of said information receiving apparatus verifies said signature data added 
to said album price information, and if it determines that said album price information is correct data as a result 
of the verification, it omits verification of said signature data added to said contents price information stored 
in the album price information. 

9. The information sending system according to claim 8 wherein: 

said means for generating handling policies of said information sending apparatus generates said contents 
handling policies storing signature verification information representing whether or not said signature data 
added to said contents data encrypted by said content key is verified; and 

said means for verifying a signature of said information receiving apparatus verifies said signature data added 
to said contents data encrypted by said content key only when instructed to verify said signature data added 
to said contents data encrypted by said content key based on said signature verification information stored in 
said contents handling policies. 

10. The information sending system according to claim 9 wherein: 

said means for generating handling policies of said information sending apparatus generates said contents 
handling policies storing said signature verification information representing whether or not said signature data 
added to said album contents data is verified; and 

said means for verifying a signature of said information receiving apparatus verifies said signature data added 
to said album contents data only when instructed to verify said signature data added to the album contents 
data based on said signature verification information stored in said contents handling policies. 

11. The information sending system according to claim 8 wherein: 

said means for creating price information of said information sending apparatus creates said contents price 
information storing signature verification information representing whether or not said signature data added 
to said contents data encrypted by said content key is verified; and 

said means for verifying a signature of said information receiving apparatus verifies said signature data added 
to said contents data encrypted by said content key only when instructed to verify said signature data added 
to said contents data encrypted by the content key based on said signature verification information stored in 
said contents price information. 

12. The information sending system according to claim 11 wherein: 

said means for creating price information of said information sending apparatus creates said contents price 
information storing said signature verification information representing whether or not said signature data
added to said album contents data is verified; and

said means for verifying a signature of said information receiving apparatus verifies said signature data added 
to said album contents data only when instructed to verify said signature data added to the album contents 
data based on said signature verification information stored in said contents price information. 

13. The information sending system according to claim 12 wherein: 

said means for generating handling policies of said information sending apparatus generates said contents 
handling policies prescribing that another specific contents data of said may be acquired only when said specific 
contents data is acquired. 
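
An added sketch (not code from the patent) of the receiver-side checks in claims 1 and 5: decrypt the sender's identification information with the distribution key and compare it with the ID attached to the contents, and verify one album signature in place of the per-track signatures. HMAC-SHA256 and an HMAC-based keystream stand in for the signature scheme and cipher, and all keys, IDs, field names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed keys and IDs. Assumptions of this sketch: HMAC-SHA256 stands in
# for the public-key signature, and an HMAC counter-mode keystream stands in
# for the cipher (unauthenticated, for illustration only).
DISTRIBUTION_KEY = b"constructed-distribution-key"
SIGNING_KEYS = {b"CP-A": b"constructed-key-A", b"CP-B": b"constructed-key-B"}

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def _pack(*fields):
    """Length-prefix each field so the signed byte string is unambiguous."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def sign(sender_id, data):
    return hmac.new(SIGNING_KEYS[sender_id], data, hashlib.sha256).digest()

def verify(sender_id, data, tag):
    key = SIGNING_KEYS.get(sender_id)
    if key is None:
        return False
    return hmac.compare_digest(hmac.new(key, data, hashlib.sha256).digest(), tag)

def track_bytes(track):
    return _pack(track["sender_id"], track["enc_id"], track["content"])

def make_track(sender_id, enc_id, content):
    track = {"sender_id": sender_id, "enc_id": enc_id, "content": content}
    track["sig"] = sign(sender_id, track_bytes(track))
    return track

def album_bytes(tracks):
    # The album signature covers each track together with its own signature.
    return _pack(*(track_bytes(t) + t["sig"] for t in tracks))

def make_album(sender_id, tracks):
    return {"sender_id": sender_id, "tracks": tracks,
            "sig": sign(sender_id, album_bytes(tracks))}

def id_matches(track, distribution_key):
    """Claim 1: decrypt the encrypted ID, compare it with the attached ID."""
    decrypted = decrypt(distribution_key, track["enc_id"])
    return hmac.compare_digest(decrypted, track["sender_id"])

def receive_album(album, distribution_key):
    """Return (status, number of signature verifications performed)."""
    if not verify(album["sender_id"], album_bytes(album["tracks"]), album["sig"]):
        return "bad signature", 1
    # Claim 5: the album signature verified, so per-track signatures are skipped.
    if not all(id_matches(t, distribution_key) for t in album["tracks"]):
        return "id mismatch", 1
    return "ok", 1

def receive_tracks(tracks, distribution_key):
    """Without an album signature, every track signature is verified."""
    checks = 0
    for t in tracks:
        checks += 1
        if not verify(t["sender_id"], track_bytes(t), t["sig"]):
            return "bad signature", checks
        if not id_matches(t, distribution_key):
            return "id mismatch", checks
    return "ok", checks

def demo():
    enc_a = encrypt(DISTRIBUTION_KEY, b"CP-A")
    tracks = [make_track(b"CP-A", enc_a, b"track-%d" % i) for i in range(3)]
    album = make_album(b"CP-A", tracks)
    # Constructed case: CP-B signs validly but attaches CP-A's encrypted ID.
    reused = make_album(b"CP-B", [make_track(b"CP-B", enc_a, b"other")])
    # Constructed case: a track is altered after the album was signed.
    tampered = dict(album, tracks=[dict(tracks[0], content=b"x")] + tracks[1:])
    return {"album": receive_album(album, DISTRIBUTION_KEY),
            "per_track": receive_tracks(tracks, DISTRIBUTION_KEY),
            "reused_blob": receive_album(reused, DISTRIBUTION_KEY),
            "tampered": receive_album(tampered, DISTRIBUTION_KEY)}
```

In the constructed `reused_blob` case the signature verifies and only the ID comparison rejects the container; skipping the per-track signatures is sound here only because the album signature is computed over every track's bytes.
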
14. An information sending apparatus for sending predetermined contents data to an information receiving apparatus,
comprising:

means for holding identification information to identify said information sending apparatus encrypted by a
distribution key unique to said information receiving apparatus;

means for adding said identification information to said contents data in order to make a comparison with said
identification information encrypted by said distribution key; and

means for sending said identification information encrypted by said distribution key together with said contents
data with said identification information added.

15. The information sending apparatus according to claim 14 comprising: 

means for generating handling policies, that is, generating contents handling policies prescribing conditions 
for using said contents data and storing said identification information, and wherein: 
said means for adding identification information adds said contents handling policies to said contents data.

16. The information sending apparatus according to claim 14 wherein: 

said means for adding identification information adds said identification information to said contents data. 

17. The information sending apparatus according to claim 14, comprising:

means for encrypting said contents data by a predetermined content key;
means for encrypting said contents key by a predetermined individual key;

means for adding signature data for checking illegal data and tampering to said contents key encrypted by
said individual key and said identification information encrypted by said distribution key in said information
receiving apparatus.

18. The information sending apparatus according to claim 17, wherein said means for adding a signature adds said
signature data to said contents data encrypted by said content key, and if album contents data storing a plurality
of said contents data encrypted by said content key to which said signature data is added is generated, it also
adds said signature data to the album contents data.

19. The information sending apparatus according to claim 18, wherein said means for adding a signature adds said
signature data to said contents key encrypted by said individual key and said identification information encrypted
by said distribution key respectively, and corresponding to said album contents data, if album key data is generated
by storing a plurality of the contents keys encrypted by said individual key and said identification information
encrypted by said distribution key to which said signature data is added, it also adds said signature data to the album
key data.

20. The information sending apparatus according to claim 19, comprising the means for generating handling policies,
that is, generating contents handling policies prescribing conditions for using said contents data and storing said
identification information, and wherein:

said means for adding a signature adds said signature data to said contents data handling policies, and
corresponding to said album contents data, if album handling policies are generated by storing a plurality of said
contents handling policies to which said signature data is added, it also adds said signature data to the album
handling policies.

21. The information sending apparatus according to claim 20, comprising the means for creating contents price
information showing a price for said contents data, and wherein:

said means for adding a signature adds said signature data to said contents price information, and
corresponding to said album contents data, if album price information data storing a plurality of said contents price
information to which said signature data is added is generated, it also adds said signature data to the album price
information.

22. The information sending apparatus according to claim 21 wherein:

said means for generating handling policies generates said contents handling policies storing signature
verification information representing whether or not said signature data added to said contents data encrypted by said
content key is verified.

23. The information sending apparatus according to claim 22 wherein:

said means for generating handling policies generates said contents handling policies storing said signature
verification information representing whether or not said signature data added to said album contents data is
verified.

24. The information sending apparatus according to claim 21 wherein:

said means for creating price information creates said contents price information storing signature verification
information representing whether or not said signature data added to said contents data encrypted by said content
key is verified.

25. The information sending apparatus according to claim 24 wherein:

said means for creating price information creates said contents price information storing said signature
verification information representing whether or not said signature data added to said album contents data is verified.

26. The information sending apparatus according to claim 25 wherein:

said means for generating handling policies generates said contents handling policies prescribing that
another specific contents data of said may be acquired only when said specific contents data is acquired.

27. An information receiving apparatus for receiving predetermined contents data sent from an information sending
apparatus, comprising:

means for holding a predetermined distribution key unique to said information receiving apparatus;
means for receiving said contents data with identification information added to identify said information sending
apparatus and said identification information encrypted by said distribution key sent from said information
sending apparatus;
means for decrypting by said distribution key said identification information encrypted by the distribution key;
and
means for comparing said identification information added to said contents data with said decrypted identification
information.

28. The information receiving apparatus according to claim 27, comprising: 

means for performing a purchasing procedure for said contents data; and wherein: 

said means for receiving receives said contents data sent from said information sending apparatus and contents
handling policies prescribing conditions for using said contents data added to the contents data and
storing said identification information;

said means for comparing compares said identification information stored in said contents handling policies
with said identification information that is decrypted; and

when said identification information compared in said means for comparing mutually matches, said means for
performing a purchasing procedure performs said purchasing procedure of said contents data by using said
contents handling policies.

29. The information receiving apparatus according to claim 27, wherein: 

said means for receiving receives said contents data sent from said information sending apparatus and said 
identification information directly added to the contents data.

30. The information receiving apparatus according to claim 27, comprising the means for verifying a signature, that
is, verifying signature data added to said content key encrypted by said individual key and said identification
information encrypted by said distribution key sent from said information sending apparatus together with said contents
data encrypted by a predetermined contents key and said contents key encrypted by a predetermined individual
key, and detecting whether or not said content key encrypted by said individual key and said identification
information encrypted by said distribution key are illegal data and tampered data.

31. The information receiving apparatus according to claim 30, wherein said means for verifying a signature verifies
said signature data added to said album contents data, of said signature data added to said contents data encrypted
by said content key and said signature data added to album contents data storing a plurality of said contents data
encrypted by said content key, sent from said information sending apparatus, and if it determines that said album
contents data is correct data as a result of the verification, it omits verification of said signature data added to each
of said contents data encrypted by said content key stored in the album contents data.

32. The information receiving apparatus according to claim 31, wherein said means for verifying a signature verifies
said signature data added to the album key data, of said signature data added to said contents key encrypted by
said individual key and said identification information encrypted by said distribution key respectively and said
signature data added to album key data storing a plurality of said contents keys encrypted by said individual key and
said identification information encrypted by said distribution key to which said signature data is added corresponding
to said album contents data, sent from said information sending apparatus, and if it determines that said album
key data is correct data as a result of the verification, it omits verification of said signature data added to said
contents key encrypted by said individual key and said identification information encrypted by said distribution key
stored in the album key data respectively.

33. The information receiving apparatus according to claim 32, wherein said means for verifying a signature verifies
said signature data added to album handling policies, of said signature data added to contents handling policies
prescribing conditions for using said contents data and storing said identification information and said signature
data added to said album handling policies storing a plurality of said contents handling policies to which said
signature data is added corresponding to said album contents data, sent from said information sending apparatus,
and if it determines that said album handling policies are correct data as a result of the verification, it omits
verification of said signature data added to said contents handling policies stored in the album handling policies.

34. The information receiving apparatus according to claim 33, wherein said means for verifying a signature verifies
said signature data added to the album price information, of said signature data added to contents price information
showing a price for said contents data and said signature data added to the album price information data storing
a plurality of said contents price information to which said signature data is added corresponding to said album
contents data, sent from said information sending apparatus, and if it determines that said album price information
is correct data as a result of the verification, it omits verification of said signature data added to said contents price
information stored in the album price information.

35. The information receiving apparatus according to claim 34, wherein said means for verifying a signature verifies
said signature data added to said contents data encrypted by said content key, only when instructed to verify said
signature data based on said signature verification information stored in the contents handling policies, of said
contents data encrypted by said content key, said signature data added to said contents data encrypted by said
content key and said contents handling policies storing signature verification information representing whether or
not the signature data is verified, sent from said information sending apparatus.

36. The information receiving apparatus according to claim 35, wherein said means for verifying a signature verifies
said signature data added to said album contents data, only when instructed to verify said signature data based
on said signature verification information stored in the contents handling policies, of said album contents data,
said signature data added to said album contents data and said contents handling policies storing said signature
verification information representing whether or not the signature data is verified, sent from said information sending
apparatus.

37. The information receiving apparatus according to claim 34, wherein said means for verifying a signature verifies
said signature data added to said contents data encrypted by said content key, only when instructed to verify said
signature data based on said signature verification information stored in the contents price information, of said
contents data encrypted by said content key, said signature data added to said contents data encrypted by the
content key, and said contents price information storing signature verification information representing whether or
not the signature data is verified, sent from said information sending apparatus.

38. The information receiving apparatus according to claim 37, wherein said means for verifying a signature verifies
said signature data added to said album contents data, only when instructed to verify said signature data based
on said signature verification information stored in the contents price information, of said album contents data,
said signature data added to the album contents data and said contents price information storing said signature
verification information representing whether or not the signature data is verified, sent from said information sending
apparatus.

39. The information receiving apparatus according to claim 38, wherein said means for receiving receives said contents 
handling policies prescribing that receipt of another specific contents data of said is allowed only when said specific 
contents data is acquired.

40. An information sending method for sending predetermined contents data from an information sending apparatus 
to an information receiving apparatus, comprising: 

an identification information adding step of, by said information sending apparatus, adding to said contents
data identification information to identify the information sending apparatus; and
a sending step of, by said information sending apparatus, sending contents data with said identification
information added and identification information to identify said information sending apparatus encrypted by a
distribution key unique to said information receiving apparatus;
a receiving step of, by said information receiving apparatus, receiving said contents data with said identification
information added and said identification information encrypted by said distribution key;
a decrypting step of, in said information receiving apparatus, decrypting by said distribution key said
identification information encrypted by said distribution key; and
a comparing step of, by said information receiving apparatus, comparing said identification information added
to said contents data with said decrypted identification information.
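
The five steps of claim 40 (and the receiving means of claim 27) as an added Python example, not code from the patent. The function names, the package layout and the HMAC-SHA256 counter-mode stand-in cipher are assumptions; this section does not name the cipher, and the key and identifier values are constructed.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher (assumption): HMAC-SHA256 in counter mode."""
    blocks = []
    counter = 0
    while 32 * len(blocks) < length:
        blocks.append(
            hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        )
        counter += 1
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def send_contents(contents: bytes, sender_id: bytes, distribution_key: bytes) -> dict:
    """Adding step and sending step, performed by the sending apparatus."""
    nonce = os.urandom(16)
    encrypted_id = nonce + xor_bytes(
        sender_id, keystream(distribution_key, nonce, len(sender_id))
    )
    return {
        "contents": contents,
        "identification": sender_id,               # added to the contents data in the clear
        "encrypted_identification": encrypted_id,  # under the receiver's distribution key
    }


def receive_contents(package: dict, distribution_key: bytes) -> bool:
    """Receiving, decrypting and comparing steps, performed by the receiver.

    Returns True only when the identification added to the contents data
    matches the identification recovered with the distribution key.
    """
    blob = package["encrypted_identification"]
    nonce, ciphertext = blob[:16], blob[16:]
    decrypted_id = xor_bytes(
        ciphertext, keystream(distribution_key, nonce, len(ciphertext))
    )
    # Constant-time comparison; a length mismatch also yields False.
    return hmac.compare_digest(decrypted_id, package["identification"])


if __name__ == "__main__":
    receiver_key = b"\x11" * 32                      # constructed distribution key
    package = send_contents(b"<encrypted track>", b"PROVIDER-0001", receiver_key)
    print("genuine package accepted:", receive_contents(package, receiver_key))

    # The same contents relabelled with another sender's identification.
    relabelled = dict(package, identification=b"PROVIDER-9999")
    print("relabelled package accepted:", receive_contents(relabelled, receiver_key))

    # A package prepared for a different receiver's distribution key.
    print("wrong-key package accepted:", receive_contents(package, b"\x22" * 32))
```

The comparison only shows that the two copies of the identification agree; detecting tampering with the encrypted copy itself is what the signature data of claim 43 is for.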

41. The information sending method according to claim 40, comprising: 

a handling policies generating step of, by said information sending apparatus, generating contents handling
policies prescribing conditions for using said contents data and storing said identification information, and
a handling policies adding step of adding said contents handling policies to said contents data.

42. The information sending method according to claim 40, wherein said identification information adding step directly 
adds said identification information to said contents data.

43. The information sending method according to claim 40, comprising: 

a contents data encrypting step of, by said information sending apparatus, encrypting said contents data by
a predetermined content key;
a contents key encrypting step of, by said information sending apparatus, encrypting said contents key by a
predetermined individual key;
a signature adding step of, by said information sending apparatus, adding signature data for checking illegal
data and tampering to said contents key encrypted by said individual key and said identification information
encrypted by said distribution key; and
a signature verifying step of, by said information receiving apparatus, verifying said signature data added to
said contents key encrypted by individual key and identification information encrypted by said distribution key.

44. The information sending method according to claim 43, wherein said signature adding step adds said signature
data to said contents data encrypted by said content key, and if album contents data storing a plurality of said
contents data encrypted by said content key to which the signature data is added is generated, it also adds said
signature data to the album contents data; and

said signature verifying step verifies said signature data added to said album contents data, and if it
determines that said album contents data is correct data as a result of the verification, it omits verification of said signature
data added to each of said contents data encrypted by said content key stored in said album contents data.
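
The album shortcut of claim 44 (mirrored on the receiving side in claim 31) as an added Python example, not code from the patent. HMAC-SHA256 stands in for the signature scheme, which this section does not specify, so signer and verifier share one key here; the function names, the serialization and the sample tracks are assumptions.

```python
import hashlib
import hmac


def sign(key: bytes, data: bytes) -> bytes:
    """Stand-in for the signature data (assumption: HMAC-SHA256, shared key)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, data: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), signature)


def album_bytes(items) -> bytes:
    """Length-prefixed serialization of every stored item and its own signature,
    so the album signature covers all of them unambiguously."""
    out = b""
    for data, signature in items:
        out += len(data).to_bytes(4, "big") + data
        out += len(signature).to_bytes(4, "big") + signature
    return out


def build_album(key: bytes, encrypted_tracks) -> dict:
    """Signature adding step: sign each item, then sign the album that stores them."""
    items = [(track, sign(key, track)) for track in encrypted_tracks]
    return {"items": items, "album_signature": sign(key, album_bytes(items))}


def verify_album(key: bytes, album: dict):
    """Signature verifying step with the omission described in the claim.

    Returns (accepted, signature_checks_performed). One check suffices
    because the album signature covers each stored item.
    """
    ok = verify(key, album_bytes(album["items"]), album["album_signature"])
    return ok, 1


def verify_each(key: bytes, items):
    """Per-item verification, as needed when no album signature is checked."""
    checks = 0
    for data, signature in items:
        checks += 1
        if not verify(key, data, signature):
            return False, checks
    return True, checks


if __name__ == "__main__":
    key = b"\x33" * 32                                     # constructed key
    tracks = [b"enc-track-1", b"enc-track-2", b"enc-track-3"]  # constructed data
    album = build_album(key, tracks)
    print("album path:", verify_album(key, album))
    print("per-item path:", verify_each(key, album["items"]))

    # Replace one stored item but keep its old signature and the album signature.
    tampered = {
        "items": [(b"enc-track-X", album["items"][0][1])] + album["items"][1:],
        "album_signature": album["album_signature"],
    }
    print("tampered album:", verify_album(key, tampered))
```

Skipping the per-item checks is sound only while the album signature is computed over the stored items themselves, as it is in this sketch.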

45. The information sending method according to claim 44, wherein said signature adding step adds said signature
data to said contents key encrypted by said individual key and said identification information encrypted by said
distribution key respectively, and corresponding to said album contents data, if album key data is generated by
storing a plurality of contents key encrypted by said individual key and said identification information encrypted by
said distribution key to which said signature data is added, it also adds said signature data to the album key data;
and

said signature verifying step verifies said signature data added to said album key data, and if it determines
that said album key data is correct data as a result of the verification, it omits verification of said signature data
added to said contents key encrypted by said individual key and said identification information encrypted by said
distribution key stored in said album key data respectively.

46. The information sending method according to claim 45, comprising a handling policies generating step of
generating contents handling policies prescribing conditions for using said contents data and storing said identification
information, and wherein:

said signature adding step adds said signature data to said contents data handling policies, and corresponding
to said album contents data, if album handling policies are generated by storing a plurality of said contents
handling policies to which said signature data is added, it also adds said signature data to the album handling
policies; and

said signature verifying step verifies said signature data added to said album handling policies, and if it
determines that said album handling policies are correct data as a result of the verification, it omits verification of
said signature data added to said contents handling policies stored in the album handling policies.

47. The information sending method according to claim 46, comprising the step of creating contents price information 
showing a price for said contents data, and wherein: 

said signature adding step adds said signature data to said contents price information, and corresponding to
said album contents data, if album price information data storing a plurality of said contents price information
to which said signature data is added is generated, it also adds said signature data to the album price
information; and

said signature verifying step verifies said signature data added to said album price information, and if it
determines that said album price information is correct data as a result of the verification, it omits verification of
said signature data added to said contents price information stored in the album price information.

48. The information sending method according to claim 47 wherein: 

said handling policies generating step generates said contents handling policies storing signature verification
information representing whether or not said signature data added to said contents data encrypted by said
content key is verified; and

said signature verifying step verifies said signature data added to said contents data encrypted by said content
key only when instructed to verify said signature data added to said contents data encrypted by the content
key based on said signature verification information stored in said contents handling policies.

49. The information sending method according to claim 48 wherein: 

said handling policies generating step generates said contents handling policies storing said signature
verification information representing whether or not said signature data added to said album contents data is
verified; and

said signature verifying step verifies said signature data added to said album contents data only when
instructed to verify said signature data added to the album contents data based on said signature verification
information stored in said contents handling policies.

50. The information sending method according to claim 47 wherein: 

said price information creating step creates said contents price information storing signature verification
information representing whether or not said signature data added to said contents data encrypted by said content
key is verified; and

said signature verifying step verifies said signature data added to said contents data encrypted by said content
key only when instructed to verify said signature data added to said contents data encrypted by said content
key based on said signature verification information stored in said contents price information.

51. The information sending method according to claim 50 wherein:

said price information creating step creates said contents price information storing said signature verification
information representing whether or not said signature data added to said album contents data is verified; and
said signature verifying step verifies said signature data added to said album contents data only when
instructed to verify said signature data added to said album contents data based on said signature verification
information stored in said contents price information.

52. The information sending method according to claim 51 wherein:

said handling policies generating step generates said contents handling policies prescribing that another
specific contents data of said may be acquired only when said specific contents data is acquired. 

53. An information sending method for sending predetermined contents data to an information receiving apparatus,
comprising:

an identification information adding step of adding said identification information to said contents data in order
to make a comparison with identification information for identifying said information sending apparatus
encrypted by a predetermined distribution key unique to said information receiving apparatus and held in
advance; and

a sending step of sending said identification information encrypted by said distribution key to said information
receiving apparatus together with said contents data with said identification information added.

54. The information sending method according to claim 53 comprising the steps of: 

a handling policies generating step of generating contents handling policies prescribing conditions for using
said contents data and storing said identification information, and wherein:

a handling policies adding step of adding said contents handling policies to said contents data.

55. The information sending method according to claim 53 wherein:

said identification information adding step directly adds said identification information to said contents data. 

56. The information sending method according to claim 53, comprising: 

a contents data encrypting step of encrypting said contents data by a predetermined content key;
a contents key encrypting step of encrypting said contents key by a predetermined individual key;
a signature adding step of adding signature data for checking illegal data and tampering to said contents key
encrypted by said individual key and said identification information encrypted by said distribution key in said
information receiving apparatus.

57. The information sending method according to claim 56, wherein said signature adding step adds said signature 
data to said contents data encrypted by said content key, and if album contents data storing a plurality of said
contents data encrypted by said content key to which said signature data is added is generated, it also adds said 
signature data to the album contents data. 

58. The information sending method according to claim 57, wherein said signature adding step adds said signature 
data to said contents key encrypted by said individual key and said identification information encrypted by said 
distribution key respectively, and corresponding to said album contents data, if album key data is generated by 
storing a plurality of the contents keys encrypted by said individual key and said identification information encrypted
by said distribution key to which said signature data is added, it also adds said signature data to the album key data.

59. The information sending method according to claim 58, comprising a handling policies generating step of gener- 
ating contents handling policies prescribing conditions for using said contents data and storing said identification 
information, and wherein: 

said signature adding step adds said signature data to said contents data handling policies, and corresponding
to said album contents data, if album handling policies are generated by storing a plurality of said contents
handling policies to which said signature data is added, it also adds said signature data to the album handling
policies.

60. The information sending method according to claim 59, comprising a price information creating step of creating
contents price information showing a price for said contents data, and wherein: 

said signature adding step adds said signature data to said contents price information, and corresponding 
to said album contents data, if album price information data storing a plurality of said contents price information 
to which said signature data is added is generated, it also adds said signature data to the album price information. 

61. The information sending method according to claim 60 wherein: 

said handling policies generating step generates said contents handling policies storing signature verification 
information representing whether or not said signature data added to said contents data encrypted by said content 
key is verified.



62. The information sending method according to claim 61 wherein: 

said handling policies generating step generates said contents handling policies storing said signature
verification information representing whether or not said signature data added to said album contents data is verified.

63. The information sending method according to claim 60 wherein: 

said price information creating step creates said contents price information storing signature verification
information representing whether or not said signature data added to said contents data encrypted by said content
key is verified.

64. The information sending method according to claim 63 wherein: 

said price information creating step creates said contents price information storing said signature verification 
information representing whether or not said signature data added to said album contents data is verified. 

65. The information sending method according to claim 64 wherein: 

said handling policies generating step generates said contents handling policies prescribing that another 
specific contents data of said may be acquired only when said specific contents data is acquired. 

66. An information receiving method for receiving predetermined contents data sent from an information sending
apparatus, comprising:

a receiving step of receiving said contents data with identification information added to identify said information
sending apparatus and said identification information encrypted by a predetermined distribution key unique
to said information receiving apparatus sent from said information sending apparatus;

a decrypting step of decrypting by said distribution key said identification information encrypted by the
distribution key; and

a comparing step of comparing said identification information added to said contents data with said decrypted
identification information.

67. The information receiving method according to claim 66, comprising a purchasing step of performing a purchasing 
procedure for said contents data, wherein: 

said receiving step receives said contents data sent from said information sending apparatus and contents
handling policies prescribing conditions for using said contents data added to the contents data and storing
said identification information;

said comparing step compares said identification information stored in said contents handling policies with
said identification information that is decrypted; and

when said identification information compared in said comparing step mutually matches, said purchasing step
performs said purchasing procedure of said contents data by using said contents handling policies.

68. The information receiving method according to claim 66, wherein: 

said comparing step compares said identification information directly added to said contents data with said
decrypted identification information.

69. The information receiving method according to claim 66, comprising a signature verifying step of verifying signature
data added to said content key encrypted by said individual key and said identification information encrypted by said
distribution key sent from said information sending apparatus together with said contents data encrypted by the
predetermined content key and said contents key encrypted by the predetermined individual key, and detecting
whether or not said content key encrypted by said individual key and said identification information encrypted by said
distribution key are illegal data and tampered data.

70. The information receiving method according to claim 69, wherein said signature verifying step verifies said
signature data added to said album contents data, of said signature data added to said contents data encrypted by said
content key and said signature data added to album contents data storing a plurality of said contents data encrypted
by said content key, sent from said information sending apparatus, and if it determines that said album contents
data is correct data as a result of the verification, it omits verification of said signature data added to each of said
contents data encrypted by said content key stored in the album contents data.

71. The information receiving method according to claim 70, wherein said signature verifying step verifies said
signature data added to the album key data, of said signature data added to said contents key encrypted by said individual
key and said identification information encrypted by said distribution key respectively and said signature data added 
to album key data storing a plurality of said contents keys encrypted by said individual key and said identification 
information encrypted by said distribution key corresponding to said album contents data, sent from said information 
sending apparatus, and if it determines that said album key data is correct data as a result of the verification, it 
omits verification of said signature data added to said contents key encrypted by said individual key and said 
identification information encrypted by said distribution key stored in the album key data respectively. 

72. The information receiving method according to claim 71, wherein said signature verifying step verifies said signa- 
ture data added to the album handling policies, of said signature data added to contents handling policies pre- 
scribing conditions for using said contents data and storing said identification information and said signature data 
added to said album handling policies storing a plurality of said contents handling policies corresponding to said 
album contents data, sent from said information sending apparatus, and if it determines that said album handling 
policies are correct data as a result of the verification, it omits verification of said signature data added to said 
contents handling policies stored in the album handling policies. 

73. The information receiving method according to claim 72, wherein said signature verifying step verifies said signa- 
ture data added to the album price information, of said signature data added to contents price information showing 
a price for said contents data and said signature data added to the album price information data storing a plurality 
of said contents price information corresponding to said album contents data, sent from said information sending 
apparatus, and if it determines that said album price information is correct data as a result of the verification, it 
omits verification of said signature data added to said contents price information stored in the album price infor- 
mation. 

74. The information receiving method according to claim 73, wherein said signature verifying step verifies said signa- 
ture data added to said contents data encrypted by the content key, only when instructed to verify said signature 
data based on said signature verification information stored in the contents handling policies, of said contents data 
encrypted by said content key, said signature data added to said contents data encrypted by said content key and 
said contents handling policies storing signature verification information representing whether or not the signature 
data is verified, sent from said information sending apparatus. 

75. The information receiving method according to claim 74, wherein said signature verifying step verifies said signa- 
ture data added to said album contents data, only when instructed to verify said signature data based on said 
signature verification information stored in the contents handling policies, of said album contents data, said sig- 
nature data added to said album contents data and said contents handling policies storing said signature verification 
information representing whether or not the signature data is verified, sent from said information sending apparatus. 

76. The information receiving method according to claim 73, wherein said signature verifying step verifies said signa- 
ture data added to said contents data encrypted by said content key, only when instructed to verify said signature 
data based on said signature verification information stored in the contents price information, of said contents data 
encrypted by said content key, said signature data added to said contents data encrypted by the content key, and
said contents price information storing signature verification information representing whether or not the signature
data is verified, sent from said information sending apparatus.

77. The information receiving method according to claim 76, wherein said signature verifying step verifies said signa- 
ture data added to said album contents data, only when instructed to verify said signature data based on said 
signature verification information stored in the contents price information, of said album contents data, said sig- 
nature data added to the album contents data and said contents price information storing said signature verification 
information representing whether or not the signature data is verified, sent from said information sending apparatus. 

78. The information receiving method according to claim 77 wherein: 

said receiving step receives said contents handling policies prescribing that another specific contents data 
of said may be acquired only when said specific contents data is acquired. 

79. A program storage medium storing a predetermined program and supplying the program to an information sending 
apparatus, characterized in that said program comprises:

an identification information adding step of adding said identification information to said contents data in order
to make a comparison with identification information for identifying said information sending apparatus en- 
crypted by a predetermined distribution key unique to said information receiving apparatus and held in ad- 
vance; and 

a sending step of sending to said information receiving apparatus said identification information encrypted by 
said distribution key together with said contents data with said identification information added. 

80. The program storage medium according to claim 79, characterized in that said program comprises: 

a handling policies generating step of generating contents handling policies prescribing conditions for using 
said contents data and storing said identification information; and 

a handling policies adding step of adding said contents handling policies to said contents data. 

81. The program storage medium according to claim 79 wherein: 

said identification information adding step of said program adds said identification information to said contents
data.

82. The program storage medium according to claim 79, characterized in that said program comprises: 

a contents data encrypting step of encrypting said contents data by a predetermined content key;

a contents key encrypting step of encrypting said contents key by a predetermined individual key;

a signature adding step of adding signature data for checking illegal data and tampering to said contents key
encrypted by said individual key and said identification information encrypted by said distribution key in said
information receiving apparatus.

83. The program storage medium according to claim 82, wherein said signature adding step of said program adds 
said signature data to said contents data encrypted by said content key, and if album contents data storing a 
plurality of said contents data encrypted by said content key to which said signature data is added is generated, 
it also adds said signature data to the album contents data. 

84. The program storage medium according to claim 83, wherein said signature adding step of said program adds 
said signature data to said contents key encrypted by said individual key and said identification information en- 
crypted by said distribution key respectively, and corresponding to said album contents data, if album key data is 
generated by storing a plurality of the contents keys encrypted by said individual key and said identification infor- 
mation encrypted by said distribution key to which said signature data is added, it also adds said signature data 
to the album key data. 

85. The program storage medium according to claim 84, characterized in that said program comprises a handling 
policies generating step of generating contents handling policies prescribing conditions for using said contents 
data and storing said identification information, and wherein: 

said signature adding step adds said signature data to said contents data handling policies, and correspond- 
ing to said album contents data, if album handling policies are generated by storing a plurality of said contents 
handling policies to which said signature data is added, it also adds said signature data to the album handling 
policies.

86. The program storage medium according to claim 85, characterized in that said program comprises a price infor- 
mation creating step of creating contents price information showing a price for said contents data, and wherein: 

said signature adding step adds said signature data to said contents price information, and corresponding 
to said album contents data, if album price information data storing a plurality of said contents price information 
to which said signature data is added is generated, it also adds said signature data to the album price information. 

87. The program storage medium according to claim 86 wherein: 

said handling policies generating step of said program generates said contents handling policies storing 
signature verification information representing whether or not said signature data added to said contents data 
encrypted by said content key is verified. 

88. The program storage medium according to claim 87 wherein: 

said handling policies generating step of said program generates said contents handling policies storing said 
signature verification information representing whether or not said signature data added to said album contents
data is verified. 

89. The program storage medium according to claim 86 wherein: 

said price information creating step of said program creates said contents price information storing signature 
verification information representing whether or not said signature data added to said contents data encrypted by 
said content key is verified. 

90. The program storage medium according to claim 89 wherein: 

said price information creating step of said program creates said contents price information storing said 
signature verification information representing whether or not said signature data added to said album contents 
data is verified. 

91. The program storage medium according to claim 90 wherein: 

said handling policies generating step of said program generates said contents handling policies prescribing 
that another specific contents data of said may be acquired only when said specific contents data is acquired. 

92. A program storage medium for storing a predetermined program and supplying the program to an information 
receiving apparatus, characterized in that said program comprises: 


a receiving step of receiving predetermined contents data with identification information added to identify said 
information sending apparatus and said identification information encrypted by a predetermined distribution 
key unique to the information receiving apparatus sent from said information sending apparatus; 
a decrypting step of decrypting by said distribution key said identification information encrypted by the distri- 
bution key; and 

a comparing step of comparing said identification information added to said contents data with said decrypted 
identification information. 

93. The program storage medium according to claim 92, characterized in that said program comprises a purchasing 
step of performing a purchasing procedure for said contents data; and wherein: 

said receiving step receives said contents data sent from said information sending apparatus and contents 
handling policies prescribing conditions for using said contents data added to the contents data and storing 
said identification information; 

said comparing step compares said identification information stored in said contents handling policies with 
said identification information that is decrypted; and 

when said identification information compared in said comparing step mutually matches, said purchasing step 
performs said purchasing procedure of said contents data by using said contents handling policies. 

94. The program storage medium according to claim 92, wherein: 

said comparing step of said program compares said identification information directly added to said contents 
data with said identification information that is decrypted. 

95. The program storage medium according to claim 92, characterized in that said program comprises a signature
verifying step of verifying signature data added to said content key encrypted by said individual key and said
identification information encrypted by said distribution key sent from said information sending apparatus together
with said contents data encrypted by a predetermined contents key and said contents key encrypted by a predetermined
individual key, and detecting whether or not said content key encrypted by said individual key and said
identification information encrypted by said distribution key are illegal data and tampered data.

96. The program storage medium according to claim 95, wherein a signature verifying step of said program verifies 
said signature data added to the album contents data, of said signature data added to said contents data encrypted 
by said content key and said signature data added to album contents data storing a plurality of said contents data 
encrypted by said content key, sent from said information sending apparatus, and if it determines that said album 
contents data is correct data as a result of the verification, it omits verification of said signature data added to each 
of said contents data encrypted by said content key stored in the album contents data. 

97. The program storage medium according to claim 96, wherein said signature verifying step of said program verifies 
said signature data added to the album key data, of said signature data added to said contents key encrypted by
said individual key and said identification information encrypted by said distribution key respectively and said signature
data added to album key data storing a plurality of said contents keys encrypted by said individual key and
said identification information encrypted by said distribution key corresponding to said album contents data, sent
from said information sending apparatus, and if it determines that said album key data is correct data as a result
of the verification, it omits verification of said signature data added to said contents key encrypted by said individual
key and said identification information encrypted by said distribution key stored in the album key data respectively.

98. The program storage medium according to claim 97, wherein said signature verifying step of said program verifies 
said signature data added to the album handling policies, of said signature data added to contents handling policies
prescribing conditions for using said contents data and storing said identification information and said signature
data added to said album handling policies storing a plurality of said contents handling policies corresponding to
said album contents data, sent from said information sending apparatus, and if it determines that said album
handling policies are correct data as a result of the verification, it omits verification of said signature data added
to said contents handling policies stored in the album handling policies.

99. The program storage medium according to claim 98, wherein said signature verifying step of said program verifies 
said signature data added to the album price information, of said signature data added to contents price information 
showing a price for said contents data and said signature data added to the album price information data storing
a plurality of said contents price information corresponding to said album contents data, sent from said information
sending apparatus, and if it determines that said album price information is correct data as a result of the verification,
it omits verification of said signature data added to said contents price information stored in the album price infor- 
mation. 

100. The program storage medium according to claim 99, wherein said signature verifying step of said program verifies
said signature data added to said contents data encrypted by said content key, only when instructed to verify said
signature data based on said signature verification information stored in the contents handling policies, of said
contents data encrypted by said content key, said signature data added to said contents data encrypted by said
content key and said contents handling policies storing signature verification information representing whether or
not the signature data is verified, sent from said information sending apparatus.

101. The program storage medium according to claim 100, wherein said signature verifying step of said program verifies
said signature data added to said album contents data, only when instructed to verify said signature data based
on said signature verification information stored in the contents handling policies, of said album contents data,
said signature data added to the album contents data and said contents handling policies storing said signature
verification information representing whether or not the signature data is verified, sent from said information sending
apparatus.

102. The program storage medium according to claim 99, wherein said signature verifying step of said program verifies 
said signature data added to said contents data encrypted by the content key, only when instructed to verify said
signature data based on said signature verification information stored in the contents price information, of said
contents data encrypted by said content key, said signature data added to said contents data encrypted by the 
content key and said contents price information storing signature verification information representing whether or 
not the signature data is verified, sent from said information sending apparatus. 

103. The program storage medium according to claim 102, wherein said signature verifying step of said program verifies
said signature data added to the album contents data, only when instructed to verify said signature data based on
said signature verification information stored in the contents price information, of said album contents data, said
signature data added to the album contents data and said contents price information storing said signature verification
information representing whether or not the signature data is verified, sent from said information sending
apparatus.

104. The program storage medium according to claim 103, wherein said receiving step of said program receives said 
contents handling policies prescribing that receipt of another specific contents data of said is allowed only when
said specific contents data is acquired.

105. An information sending system for sending predetermined contents data from an information sending apparatus 
to an information receiving apparatus, wherein: 

said information sending apparatus comprises means for sending, together with said contents data, data of
the maximum number of times of possible resending predefined to the contents data; and 
said information receiving apparatus comprises: 

means for receiving, together with said contents data, data of maximum number of times; 

means for generating data of the remaining number of times of possible resending of said contents data
based on said data of maximum number of times; and

means for resending, that is, sending data of the remaining number of times together with said contents 
data. 

106. The information sending system according to claim 105, wherein: 

said means for generating data of the number of times of said information receiving apparatus generates, 
based on a source of said contents data, a via-apparatus data showing an apparatus by way of which the 
contents data is sent; and 

said means for resending sends said via-apparatus data together with said contents data and said data of the 
remaining number of times. 

107. An information sending apparatus for sending predetermined contents data to an information receiving apparatus,
comprising means for sending to said information receiving apparatus, together with said contents data, data of 
the maximum number of times of possible resending predefined to the contents data. 

108. An information receiving apparatus for receiving predetermined contents data sent from an information sending 
apparatus, comprising: 

means for receiving said contents data and data of the maximum number of times of possible resending pre- 
defined to the contents data, sent from said information sending apparatus; and 

means for generating data of the remaining number of times of possible resending of said contents data based 
on said data of maximum number of times; and 

means for resending, that is, sending data of the remaining number of times together with said contents data. 

109. The information receiving apparatus according to claim 108, wherein: 

said means for generating data of the number of times generates, based on a source of said contents data, 
a via-apparatus data showing an apparatus by way of which the contents data is sent; and 
said means for resending sends said via-apparatus data together with said contents data and said data of the 
remaining number of times. 

110. An information sending method for sending predetermined contents data from an information sending apparatus 
to an information receiving apparatus, comprising: 

a sending step of sending by said information sending apparatus, together with said contents data, data of 
the maximum number of times of possible resending predefined to the contents data; 

a receiving step of, by said information receiving apparatus, said data of maximum number of times together 
with said contents data; 

a number of times data generating step of, by said information receiving apparatus, generating data of the 
remaining number of times of possible resending of said contents data based on said data of maximum number 
of times; and 

a resending step of, by said information receiving apparatus, sending data of the remaining number of times 
together with said contents data. 

111. The information sending method according to claim 110, wherein: 

said number of times data generating step generates, based on a source of said contents data, a via-apparatus 
data showing an apparatus by way of which the contents data is sent; and 

said resending step sends said via-apparatus data together with said contents data and said data of the re- 
maining number of times. 

112. An information sending method for sending predetermined contents data to an information receiving apparatus,
comprising a sending step of sending to said information receiving apparatus, together with said contents data, 
data of the maximum number of times of possible resending predefined to the contents data. 

113. An information receiving method for receiving predetermined contents data sent from an information sending
apparatus, comprising:

a receiving step of receiving said contents data and data of the maximum number of times of possible resending 
predefined to the contents data sent from an information sending apparatus; 

a number of times data generating step of generating data of the remaining number of times of possible
resending of said contents data based on said data of maximum number of times; and

a resending step of sending data of said remaining number of times together with said contents data. 






114. The information receiving method according to claim 113, wherein: 

said means for generating data of the number of times generates, based on a source of said contents data, 
a via-apparatus data showing an apparatus by way of which the contents data is sent; and
said means for resending sends said via-apparatus data together with said contents data and said data of the
remaining number of times.

115. A program storage medium storing a predetermined program and supplying the program to an information sending
apparatus, characterized in that said program comprises:

a sending step of sending to the information receiving apparatus, together with predetermined contents data,
data of the maximum number of times of possible resending predefined to the contents data.

116. A program storage medium storing a predetermined program and supplying the program to an information receiving
apparatus, characterized in that said program comprises:

a receiving step of receiving predetermined contents data and data of the maximum number of times of possible
resending predefined to the contents data sent from an information sending apparatus; and

a number of times data generating step of generating data of the remaining number of times of possible re- 
sending of said contents data based on said data of maximum number of times; and 
a resending step of sending data of the remaining number of times together with said contents data. 

117. The program storage medium according to claim 116, wherein:

said means for generating data of the number of times of said program generates, based on a source of said
contents data, a via-apparatus data showing an apparatus by way of which the contents data is sent; and
said means for resending sends said via-apparatus data together with said contents data and said data of the
remaining number of times.

118. A recording and reproducing system for recording and reproducing by a recording and reproducing apparatus
predetermined contents data sent from an information sending apparatus on a removable data storage apparatus, 
wherein: 

said information sending apparatus comprises:



means for encrypting said contents data by a predetermined content key; and 

means for sending said content key and said contents data encrypted by the content key; and 

said recording and reproducing apparatus comprises: 


means for receiving said content key and said contents data encrypted by the content key sent from said 
information sending apparatus; 

means for controlling recording and reproducing for sending out the received content key and said contents 
data encrypted by the content key to said data storage apparatus and having them recorded thereby or 
having said content key and said contents data encrypted by the content key reproduced from said data
storage apparatus to read them; and
said data storage apparatus comprises: 




a predetermined record medium; 

means for holding a predetermined save key; 

means for encrypting a content key by said save key; 

means for recording and reproducing, that is, recording said content key encrypted by said save key
and said contents data encrypted by the content key on said record medium or reproducing said
content key encrypted by said save key and said contents data encrypted by the content key from
the record medium; and

means for decrypting by said save key said content key encrypted by the
save key.

119. The recording and reproducing system according to claim 118, wherein said means for holding a save key is 
tamper resistant in said data storage apparatus. 

120. The recording and reproducing system according to claim 119, wherein said means for controlling recording and 
reproducing limits said data storage apparatus as to reproduction of said contents data encrypted by said content 
key recorded on said record medium. 

121. The recording and reproducing system according to claim 120, wherein said limitation of reproduction is the number
of times of possible reproduction of said contents data. 

122. The recording and reproducing system according to claim 120, wherein said limitation of reproduction is the period
of possible reproduction of said contents data. 

123. The recording and reproducing system according to claim 118, wherein said recording and reproducing apparatus
comprises means for decrypting contents, that is, decrypting by using said content key said contents data encrypted 
by the content key read from said data storage apparatus. 

124. The recording and reproducing system according to claim 118, comprising means for controlling reproducing for 
having said content key and said contents data encrypted by the content key reproduced from said record medium 
of said data storage apparatus to read them, and has a reproducing apparatus on which said data storage apparatus 
is mounted in a removable manner.

125. The recording and reproducing system according to claim 124, wherein said reproducing apparatus comprises 
means for decrypting contents, that is, decrypting by said content key said contents data encrypted by the content
key read from said data storage apparatus. 

126. The recording and reproducing system according to claim 124, wherein said means for controlling reproducing
limits said data storage apparatus as to reproduction of said contents data encrypted by said content key recorded
on said record medium. 

127. The recording and reproducing system according to claim 126, wherein said limitation of reproduction is the number
of times of possible reproduction of said contents data. 

128. The recording and reproducing system according to claim 126, wherein said limitation of reproduction is the period
of possible reproduction of said contents data.

129. The recording and reproducing system according to claim 118, wherein said means for holding a save key of said
data storage apparatus stores said save key unique to said data storage apparatus. 

130. A recording and reproducing apparatus to which a data storage apparatus having a predetermined record medium 
is provided in a removable manner, comprising:

means for sending out contents data encrypted by a predetermined content key and the content key to said 
data storage apparatus; 

means for controlling recording and reproducing, that is, encrypting said content key by a predetermined save 
key and recording said contents data encrypted by said content key on said record medium, or reproducing 
said content key encrypted by said save key and said contents data encrypted by the content key from the 
record medium and decrypting by said save key said content key encrypted by the save key; and

means for reading said content key and said contents data encrypted by the content key from said data storage
apparatus. 

131. The recording and reproducing apparatus according to claim 130, comprising means for decrypting contents, that
is, decrypting by using said content key said contents data encrypted by the content key read from said data 
storage apparatus. 

132. The recording and reproducing apparatus according to claim 130, wherein said means for controlling recording 
and reproducing limits said data storage apparatus as to reproduction of said contents data encrypted by said 
content key recorded on said record medium. 

133. The recording and reproducing apparatus according to claim 132, wherein said limitation of reproduction is the 
number of times of possible reproduction of said contents data. 

134. The recording and reproducing apparatus according to claim 132, wherein said limitation of reproduction is the
period of possible reproduction of said contents data. 

135. The recording and reproducing apparatus according to claim 130, wherein said means for controlling recording 
and reproducing encrypts or decrypts said content key by using said save key unique to said data storage appa- 
ratus. 

136. A reproducing apparatus to which a data storage apparatus having a predetermined record medium is provided 
in a removable manner, comprising: 

means for controlling reproducing, that is, reproducing contents data encrypted by a predetermined content
key and said content key encrypted by a predetermined save key recorded in advance on said record medium,
and decrypting by using said save key said content key encrypted by the save key; and

means for reading said content key and said contents data encrypted by the content key from said data storage
apparatus.

137. The reproducing apparatus according to claim 136, comprising means for decrypting contents, that is, decrypting 
by using said content key said contents data encrypted by the content key read from said data storage apparatus. 

138. A reproducing apparatus according to claim 136, wherein said means for controlling reproducing limits said data 
storage apparatus as to reproduction of said contents data encrypted by said content key recorded on said record 
medium. 

139. The reproducing apparatus according to claim 138, wherein said limitation of reproduction is the number of times 
of possible reproduction of said contents data. 

140. The reproducing apparatus according to claim 138, wherein said limitation of reproduction is the period of possible
reproduction of said contents data. 


141. The reproducing apparatus according to claim 136, wherein said means for controlling reproducing decrypts said
content key by using said save key unique to said data storage apparatus. 

142. A data storage apparatus provided to a recording and/or reproducing apparatus in a removable manner for
recording and/or reproducing predetermined data under control of the recording and/or reproducing apparatus,
comprising:

a predetermined record medium; 

means for saving a predetermined save key; 

means for communication for sending and receiving predetermined content data encrypted by a predetermined 
content key and the content key to and from said recording and/or reproducing apparatus; 
means for encrypting said contents key by said save key under control of said recording and/or reproducing 
apparatus; and 

means for recording and reproducing, that is, under control of said recording and/or reproducing apparatus,
recording said content key encrypted by said save key and said contents data encrypted by the content key
on said record medium or reproducing said content key encrypted by said save key and said contents data
encrypted by the content key from the record medium; and

means for decrypting by using said save key said content key encrypted by the save key under control of said 
recording and/or reproducing apparatus. 

143. The data storage apparatus according to claim 142, wherein said means for holding a save key is tamper resistant.

144. The data storage apparatus according to claim 142, wherein said means for recording and reproducing limits 
reproduction of said contents data encrypted by said content key recorded on said record medium. 

145. The data storage apparatus according to claim 144, wherein said limitation of reproduction is the number of times 
of possible reproduction of said contents data. 

146. The data storage apparatus according to claim 144, wherein said limitation of reproduction is the period of possible 
reproduction of said contents data. 

147. The data storage apparatus according to claim 142, wherein said means for recording and reproducing encrypts
or decrypts said content key by using said save key unique to said data storage apparatus. 

148. The recording and reproducing method of recording and reproducing predetermined contents data sent from an 
information sending apparatus on a removable data storage apparatus by a recording and reproducing apparatus, 
comprising: 

a contents encrypting step of, by said information sending apparatus, encrypting said contents data by a pre- 
determined content key; 

a sending step of, by said information sending apparatus, sending said content key and said contents data 
encrypted by the content key; 

a receiving step of, by said recording and reproducing apparatus, receiving said content key and said contents 
data encrypted by the content key sent from said information sending apparatus; and 

a recording and reproducing controlling step of, by said recording and reproducing apparatus, sending out 
said content key and the contents data encrypted by the content key to said data storage apparatus and 
encrypting said content key by a save key held in advance on said data storage apparatus to record it on a 
record medium of said data storage apparatus together with said contents data encrypted by the content key, 
or reproducing said content key encrypted by said save key and said contents data encrypted by the content 
key from the record medium, and from said data storage apparatus, decrypting by said save key the content 
key encrypted by said save key to read it together with said contents data encrypted by said content key. 

149. The recording and reproducing method according to claim 148, wherein said recording and reproducing controlling 
step uses for recording and reproducing said content key said save key held by predetermined tamper resistant 
means for holding a save key in said data storage apparatus. 

150. The recording and reproducing method according to claim 148, wherein said recording and reproducing controlling
step limits reproduction of said contents data encrypted by said content key recorded on said record medium of
said data storage apparatus.

151. The recording and reproducing method according to claim 150, wherein said recording and reproducing controlling
step limits the number of times of possible reproduction as limitation of reproduction of said contents data encrypted 
by said content key recorded on said record medium of said data storage apparatus. 

152. The recording and reproducing method according to claim 150, wherein said recording and reproducing controlling
step limits the period of possible reproduction as limitation of reproduction of said contents data encrypted by said 
content key recorded on said record medium of said data storage apparatus. 

153. The recording and reproducing method according to claim 148, comprising a contents decrypting step of decrypting
by using said content key said contents data encrypted by the content key read from said data storage apparatus 
by said recording and reproducing apparatus. 

154. The recording and reproducing method according to claim 148, wherein said recording and reproducing controlling
step encrypts or decrypts said content key by using said save key unique to said data storage apparatus.

155. The recording and reproducing method according to claim 148, comprising a reproducing controlling step of, by
a reproducing apparatus on which said data storage apparatus is mounted in a removable manner, reproducing
and reading said content key and said contents data encrypted by the content key from said record medium of
said data storage apparatus.

156. The recording and reproducing method according to claim 155, wherein said reproducing controlling step limits
reproduction of said contents data encrypted by said content key recorded on said record medium of said data
storage apparatus.

157. The recording and reproducing method according to claim 156, wherein said reproducing controlling step limits 
the number of times of possible reproduction as limitation of reproduction of said contents data encrypted by said 
content key recorded on said record medium of said data storage apparatus. 

158. The recording and reproducing method according to claim 156, wherein said reproducing controlling step limits 
the period of possible reproduction as limitation of reproduction of said contents data encrypted by said content 
key recorded on said record medium of said data storage apparatus. 

159. The recording and reproducing method according to claim 156, comprising a contents decrypting step of decrypting
by using said content key said contents data encrypted by the content key read from said data storage apparatus 
by said reproducing apparatus. 

160. The recording and reproducing method according to claim 155, wherein said reproducing controlling step decrypts
said content key by using said save key unique to said data storage apparatus.

161. A recording and reproducing method for recording and reproducing predetermined contents data on a record
medium of a data storage apparatus provided in a removable manner to a recording and reproducing apparatus, 
comprising: 

a sending out step of sending out contents data encrypted by a predetermined content key and the content 
key from said recording and reproducing apparatus to said data storage apparatus; 

a recording and reproducing step of, under control of said recording and reproducing apparatus, encrypting 
said content key by a predetermined save key and recording said content key together with said contents data 
encrypted by said content key on said record medium, or reproducing said content key encrypted by said save
key and said contents data encrypted by the content key from the record medium and decrypting by using
said save key said content key encrypted by the save key; and 

a reading step of reading said decrypted content key and said contents data encrypted by said content key 
from said data storage apparatus to said recording and reproducing apparatus. 

162. The recording and reproducing method according to claim 161, comprising a contents decrypting step of decrypting
by using said content key said contents data encrypted by the content key read from said data storage apparatus
by said recording and reproducing apparatus.

163. The recording and reproducing method according to claim 161, wherein said recording and reproducing step limits
reproduction of said contents data encrypted by said content key recorded on said record medium of said data 
storage apparatus under control of said recording and reproducing apparatus. 

164. The recording and reproducing method according to claim 163, wherein said recording and reproducing step limits
the number of times of possible reproduction as limitation of reproduction of said contents data encrypted by said
content key recorded on said record medium of said data storage apparatus under control of said recording and
reproducing apparatus.

165. The recording and reproducing method according to claim 163, wherein said recording and reproducing step limits
the period of possible reproduction as limitation of reproduction of said contents data encrypted by said content
key recorded on said record medium of said data storage apparatus under control of said recording and reproducing
apparatus.

166. The recording and reproducing method according to claim 161, wherein said recording and reproducing step
encrypts or decrypts said content key by using said save key unique to said data storage apparatus.

167. A reproducing method for reproducing predetermined contents data from a record medium of a data storage
apparatus provided in a removable manner to a reproducing apparatus, comprising:

a reproducing step of, under control of said reproducing apparatus, reproducing contents data encrypted by 
a predetermined content key recorded in advance and said content key encrypted by a predetermined save 
key from said record medium of said data storage apparatus; 

a decrypting step of decrypting by using said save key said content key encrypted by the save key under 
control of said reproducing apparatus; and 

a reading step of reading said content key and said contents data encrypted by said content key from said 
data storage apparatus to said reproducing apparatus. 

168. The reproducing method according to claim 167, comprising a contents decrypting step of decrypting by using 
said content key said contents data encrypted by the content key read from said data storage apparatus by said
reproducing apparatus. 

169. The reproducing method according to claim 167, wherein said reproducing step limits reproduction of said contents
data encrypted by said content key recorded on said record medium of said data storage apparatus under control 
of said reproducing apparatus. 

170. The reproducing method according to claim 169, wherein said reproducing step limits the number of times of 
possible reproduction as limitation of reproduction of said contents data encrypted by said content key recorded 
on said record medium of said data storage apparatus under control of said reproducing apparatus. 

171. The reproducing method according to claim 169, wherein said reproducing step limits the period of possible
reproduction as limitation of reproduction of said contents data encrypted by said content key recorded on said record
medium of said data storage apparatus under control of said reproducing apparatus.

172. The reproducing method according to claim 167, wherein said decrypting step decrypts said content key by using 
said save key unique to said data storage apparatus. 
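
The scheme recited in the method claims above (a content key wrapped under a save key unique to the data storage apparatus, with a limit on the number of reproductions) can be sketched as follows. This is an added illustration, not text or code from the patent; the class and function names, the HMAC-SHA256 stand-in cipher, and the choice to seal the remaining-play counter together with the content key are assumptions.

```python
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher (assumption).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the one supplied key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key or altered blob."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class DataStorageApparatus:
    """Removable storage: the save key stays inside, only wrapped keys reach the medium."""

    def __init__(self):
        self._save_key = secrets.token_bytes(32)  # unique per device, never exported
        self.record_medium = {}                   # everything a raw copy of the medium would see

    def record(self, content_id, content_key, encrypted_content, plays_allowed):
        # The play counter is sealed with the content key so editing the medium cannot raise it.
        state = plays_allowed.to_bytes(4, "big") + content_key
        self.record_medium[content_id] = {
            "sealed_state": seal(self._save_key, state),
            "encrypted_content": encrypted_content,
        }

    def reproduce(self, content_id):
        entry = self.record_medium[content_id]
        state = unseal(self._save_key, entry["sealed_state"])
        plays_left, content_key = int.from_bytes(state[:4], "big"), state[4:]
        if plays_left == 0:
            raise PermissionError("reproduction limit reached")
        new_state = (plays_left - 1).to_bytes(4, "big") + content_key
        entry["sealed_state"] = seal(self._save_key, new_state)
        return content_key, entry["encrypted_content"]


def demo():
    # Sending side: encrypt constructed sample contents under a fresh content key.
    content_key = secrets.token_bytes(32)
    encrypted_content = seal(content_key, b"constructed sample track")

    card = DataStorageApparatus()
    card.record("track-1", content_key, encrypted_content, plays_allowed=2)

    results = {}
    key, blob = card.reproduce("track-1")           # play 1: host decrypts the contents
    results["first_play"] = unseal(key, blob)
    card.reproduce("track-1")                       # play 2
    try:
        card.reproduce("track-1")                   # play 3 exceeds the limit
        results["third_play"] = "allowed"
    except PermissionError:
        results["third_play"] = "refused"

    # A raw copy of the record medium onto a device with a different save key.
    other = DataStorageApparatus()
    other.record_medium = {"track-1": dict(card.record_medium["track-1"])}
    try:
        other.reproduce("track-1")
        results["copied_medium"] = "allowed"
    except ValueError:
        results["copied_medium"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```
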

173. A program storage medium storing a predetermined program and supplying the program to a recording and
reproducing apparatus, wherein said program comprises:

a sending out step of sending out contents data encrypted by a predetermined content key and the content 
key to a data storage apparatus provided in a removable manner to said recording and reproducing apparatus; 
a recording and reproducing controlling step of controlling said data storage apparatus for encrypting said 
content key by a predetermined save key and recording it together with said contents data encrypted by said 
content key on a predetermined record medium of said data storage apparatus, or reproducing said content 
key encrypted by said save key and said contents data encrypted by the content key from the record medium 
and decrypting by using said save key said content key encrypted by the save key; and 
a reading step of reading said decrypted content key and said contents data encrypted by said content key 
from said data storage apparatus. 

174. The program storage medium according to claim 173, wherein said program comprises a contents decrypting step 
of decrypting by using said content key said contents data encrypted by the content key read from said data storage 
apparatus. 

175. The program storage medium according to claim 173, wherein said recording and reproducing controlling step of 
said program limits reproduction of said contents data encrypted by said content key recorded on said record 
medium of said data storage apparatus under control of said recording and reproducing apparatus. 

176. The program storage medium according to claim 175, wherein said recording and reproducing controlling step of 
said program limits the number of times of possible reproduction as limitation of reproduction of said contents data 
encrypted by said content key recorded on said record medium of said data storage apparatus under control of 
said recording and reproducing apparatus.

177. The program storage medium according to claim 175, wherein said recording and reproducing controlling step of
said program limits the period of possible reproduction as limitation of reproduction of said contents data encrypted 
by said content key recorded on said record medium of said data storage apparatus under control of said recording 
and reproducing apparatus. 

178. The program storage medium according to claim 173, wherein said recording and reproducing controlling step of 
said program encrypts or decrypts said content key by using said save key unique to said data storage apparatus. 

179. A program storage medium storing a predetermined program and supplying the program to a reproducing
apparatus, characterized in that said program comprises:

a reproducing controlling step of controlling said data storage apparatus for reproducing contents data
encrypted by a predetermined content key and said content key encrypted by a predetermined save key recorded
in advance from the record medium of a data storage apparatus provided in a removable manner to said
reproducing apparatus;

a decrypting controlling step of controlling said data storage apparatus for decrypting by using said save key
said content key encrypted by the save key; and

a reading step of reading said content key and said contents data encrypted by said content key from said
data storage apparatus.

180. The program storage medium according to claim 179, wherein said program comprises a contents decrypting step
of decrypting by using said content key said contents data encrypted by said content key read from said data 
storage apparatus by said reproducing apparatus. 

181. The program storage medium according to claim 179, wherein said reproducing controlling step of said program
limits reproduction of said contents data encrypted by said content key recorded on said record medium of said 
data storage apparatus. 

182. The program storage medium according to claim 181, wherein said reproducing controlling step of said program
limits the number of times of possible reproduction as limitation of reproduction of said contents data encrypted
by said content key recorded on said record medium of said data storage apparatus.

183. The program storage medium according to claim 181, wherein said reproducing controlling step of said program
limits the period of possible reproduction as limitation of reproduction of said contents data encrypted by said
content key recorded on said record medium of said data storage apparatus.

184. The program storage medium according to claim 179, wherein said decrypting controlling step of said program 
decrypts said content key by using said save key unique to said data storage apparatus. 

185. A program storage medium storing a predetermined program and supplying the program to a data storage
apparatus, wherein said program comprises:

a receiving step of receiving contents data encrypted by a predetermined content key and the content key
sent from a recording and reproducing apparatus to which said data storage apparatus is provided in a
removable manner;

a recording and reproducing step of, under control of said recording and reproducing apparatus, encrypting 
said content key by a predetermined save key and recording it together with said contents data encrypted by 
said content key on a predetermined record medium of said data storage apparatus, or reproducing said 
content key encrypted by said save key and said contents data encrypted by the content key from the record
medium and decrypting by using said save key said content key encrypted by the save key; and

a sending step of sending said content key and said contents data encrypted by said content key to said 
recording and reproducing apparatus. 

186. The program storage medium according to claim 185, wherein said recording and reproducing step of said program
limits reproduction of said contents data encrypted by said content key recorded on said record medium of said
data storage apparatus under control of said recording and reproducing apparatus.

187. The program storage medium according to claim 186, wherein said recording and reproducing step of said program 
limits the number of times of possible reproduction as limitation of reproduction of said contents data encrypted
by said content key recorded on said record medium of said data storage apparatus under control of said recording 
and reproducing apparatus. 

188. The program storage medium according to claim 186, wherein said recording and reproducing step of said program
limits the period of possible reproduction as limitation of reproduction of said contents data encrypted by said 
content key recorded on said record medium of said data storage apparatus under control of said recording and 
reproducing apparatus. 

189. The program storage medium according to claim 185, wherein said recording and reproducing step of said program
encrypts or decrypts said content key by using said save key unique to said data storage apparatus. 

190. A program storage medium storing a predetermined program and supplying the program to a data storage
apparatus, wherein said program comprises:

a reproducing step of, under control of a reproducing apparatus to which said data storage apparatus is
provided in a removable manner, reproducing contents data encrypted by a predetermined content key and said
content key encrypted by a predetermined save key recorded in advance from the record medium of said data 
storage apparatus; 

a decrypting step of decrypting by using said save key said content key encrypted by the save key under 
control of said reproducing apparatus; and 

a sending step of sending said content key and said contents data encrypted by said content key to said 
reproducing apparatus. 

191. The program storage medium according to claim 190, wherein said reproducing step of said program limits
reproduction of said contents data encrypted by said content key recorded on said record medium under control of said
reproducing apparatus. 

192. The program storage medium according to claim 191, wherein said reproducing step of said program limits the 
number of times of possible reproduction as limitation of reproduction of said contents data encrypted by said 
content key recorded on said record medium under control of said reproducing apparatus. 

193. The program storage medium according to claim 191, wherein said reproducing step of said program limits the 
period of possible reproduction as limitation of reproduction of said contents data encrypted by said content key 
recorded on said record medium under control of said reproducing apparatus. 

194. The program storage medium according to claim 190, wherein said decrypting step of said program decrypts said 
content key by using said save key unique to said data storage apparatus. 

195. A data management system, comprising: 

a removable data storage apparatus having a predetermined record medium; 

a recording apparatus for recording predetermined contents data on said record medium of said data storage
apparatus; and 

a management apparatus, connected to various apparatuses, for capturing contents data recorded on a record 
medium of said data storage apparatus and managing movement of the contents data to various apparatuses 
in place of said data storage apparatus. 

196. The data management system according to claim 195, wherein said recording apparatus comprises: 

means for sending said contents data encrypted by a predetermined content key, the content key, and handling 
policies prescribing the conditions for using the content key to said removable data storage apparatus; and 
means for controlling recording, that is, controlling said data storage apparatus for prescribing the rights to 
utilize said contents data based on said handling policies and having license conditions information storing 
identification information for identifying a holder of the contents data created so as to record the license conditions
information, said contents data encrypted by said content key, the content key and said handling policies
on said record medium; and
said management apparatus comprises:

means for capturing, that is, reproducing and capturing said contents data encrypted by said content key,
the contents key, and said license conditions information from said record medium of said data storage
apparatus; and 

means for managing movement, that is, updating said license conditions information by changing said 
identification information, and moving said contents data encrypted by said content key and the content 
key together with said updated license conditions information to various apparatuses. 

197. The data management system according to claim 196, wherein said means for capturing of said management 
apparatus captures said license conditions information, said contents data encrypted by said content key and the 
content key returned based on the license conditions information from said various apparatuses. 

198. The data management system according to claim 196, wherein: 

said means for controlling recording of said recording apparatus prescribes the rights to utilize said contents
data based on said handling policies and has said license conditions information storing said identification
information unique to said data storage apparatus created; and

said means for managing movement of said management apparatus updates said license conditions information
by changing said identification information unique to said data storage apparatus in said license conditions
information to said identification information unique to said management apparatus.

199. The data management system according to claim 198, wherein: 

said means for sending of said recording apparatus sends price information of said contents data in addition 
to said contents data encrypted by said content key, the content key, and said handling policies to said data 
storage apparatus; 

said means for controlling recording has accounting information for purchase of said contents data generated 
by said data storage apparatus based on said handling policies and said price information to be held in a 
predetermined memory; and 

said means for capturing of said management apparatus captures said accounting information together with 
said contents data encrypted by said content key, the contents key, and said license conditions information. 

200. The data management system according to claim 199, wherein: 

said means for capturing of said management apparatus captures said content key encrypted by a temporary 
key shared between said management apparatus and said data storage apparatus and said accounting information 
encrypted by the temporary key. 

201. The data management system according to claim 200, wherein: 

said means for capturing of said management apparatus captures said accounting information to which
signature data is added after being encrypted by said temporary key from said data storage apparatus.

202. A management apparatus connecting various apparatuses with a predetermined removable data storage apparatus,
comprising:

means for capturing, that is, reproducing and capturing predetermined contents data recorded on a record
medium of said data storage apparatus; and 

means for managing movement of said contents data to various apparatuses in place of said data storage 
apparatus. 

203. The management apparatus according to claim 202, wherein:

said means for capturing captures said contents data encrypted by a predetermined content key, the content 
key, and license conditions information prescribing the rights to utilize said contents data generated based on 
handling policies prescribing the conditions for using the content key and storing identification information for 
identifying a holder of the contents data from said record medium of said data storage apparatus; and 
said means for managing movement updates said license conditions information by changing said identification
information, and moves said contents data encrypted by said content key and the content key together
with said updated license conditions information to various apparatuses. 



204. The management apparatus according to claim 202, wherein: 

said means for capturing captures the license conditions information, said contents data encrypted by said 
contents key and the content key returned from said various apparatuses based on said license conditions
information.

205. The management apparatus according to claim 203, wherein: 

said means for capturing captures said license conditions information storing said identification information 
unique to said data storage apparatus; and 
said means for managing movement updates said license conditions information by changing said identification
information unique to said data storage apparatus in said license conditions information to said identification
information unique to said management apparatus.

206. The management apparatus according to claim 205, wherein: 

said means for capturing captures accounting information for purchase of said contents data generated based
on said handling policies and price information of said contents data from said data storage apparatus.

207. The management apparatus according to claim 206, comprising means for decrypting by a temporary key
predetermined data encrypted by the temporary key shared between said management apparatus and said data storage
apparatus; and wherein:

said means for capturing captures said content key encrypted by said temporary key and said accounting 
information encrypted by the temporary key from said data storage apparatus; and 

said means for decrypting decrypts by said temporary key said content key and said accounting information 
encrypted by said temporary key respectively.

208. The management apparatus according to claim 207, comprising means for detecting, that is, verifying signature 
data added to predetermined data and detecting whether or not said data is tampered; and wherein: 

said means for capturing captures said accounting information to which signature data is added after being
encrypted by said temporary key from said data storage apparatus; and

said means for detecting verifies said signature added to said accounting information encrypted by said
temporary key.

209. A removable data storage apparatus having a predetermined record medium, comprising:

means for receiving contents data encrypted by a predetermined content key, the content key, and handling 
policies prescribing the conditions for using the content key sent from a predetermined recording apparatus 
when connected to the recording apparatus; 
means for creating information, that is, creating license conditions information prescribing the rights to utilize
said contents data based on said handling policies and storing identification information for identifying a holder
of the contents data under control of said recording apparatus; 

means for recording on said record medium said license conditions information, said contents data encrypted 
by said content key, the contents key and said handling policies under control of said recording apparatus; 

means for, when connected to a management apparatus for managing movement of said contents data to
various apparatuses, reproducing said contents data encrypted by said content key, the content key and said
license conditions information from said record medium under control of said management apparatus; and
means for sending to said management apparatus said license conditions information for managing said contents
data together with said contents data encrypted by said content key and the content key so as to shift
management of said contents data under control of said management apparatus.

210. The data storage apparatus according to claim 209, wherein: 

said means for creating information creates license conditions information for prescribing the rights to utilize 
said contents data based on said handling policies and storing changeable identification information for identifying 
a holder of the contents data.

211. The data storage apparatus according to claim 210, wherein: 

said means for creating information creates said license conditions information storing said identification 
information unique to said data storage apparatus.

212. The data storage apparatus according to claim 211, wherein:

said means for receiving receives contents data encrypted by said content key, the content key and price
information of said contents data sent together with said handling policies from said recording apparatus; and
said means for creating information creates accounting information for purchase of said contents data based 
on said handling policies and said price information and records it in a predetermined memory. 

213. The data storage apparatus according to claim 212, wherein:

said means for creating information records said accounting information in said memory that is tamper
resistant.

214. The data storage apparatus according to claim 213, comprising means for encrypting said content key by a
temporary key shared with said management apparatus and also encrypting said accounting information by the
temporary key; and

said means for sending sends to said management apparatus said content key encrypted by said temporary 
key and said accounting information encrypted by said temporary key together with said contents data encrypted 
by said content key and said license conditions information. 

215. The data storage apparatus according to claim 214, comprising means for adding signature data for verifying 
whether or not tampering is performed to said accounting information encrypted by said temporary key; and
wherein:

said means for sending sends to said management apparatus said accounting information encrypted by said 
temporary key with signature data added together with said contents data encrypted by said content key, said
license conditions information and said content key encrypted by said temporary key.

216. A data management method, comprising:

a sending step of sending predetermined contents data to a removable data storage apparatus by a
predetermined recording apparatus;

a recording step of recording said contents data on a record medium of said data storage apparatus under 
control of said recording apparatus; 

a capturing step of reproducing and capturing said contents data from the record medium of said data storage 
apparatus by a management apparatus connected to various apparatuses; and

a movement managing step of managing movement of said contents data to various apparatuses by a
management apparatus in place of said data storage apparatus.

217. The data management method according to claim 216, wherein: 

said sending step sends to said data storage apparatus said contents data encrypted by a predetermined 
content key, the content key and handling policies prescribing conditions for using the content key; 
said recording step records on said record medium said contents data encrypted by said content key, the 
content key and handling policies prescribing conditions for using the content key, and also has license conditions
information prescribing the rights to utilize said contents data based on said handling policies and
storing identification information for identifying a holder of the contents data created by said data storage
apparatus and records it on said record medium; 

said capturing step reproduces and captures said contents data encrypted by said content key, the content 
key and said license conditions information from said record medium of said data storage apparatus; and 
said movement managing step updates said license conditions information by changing said identification
information, and moves said contents data encrypted by said content key and the content key together with
said updated license conditions information to said various apparatuses. 

218. The data management method according to claim 217, comprising: 

a capturing step of capturing the license conditions information, said contents data encrypted by said content
key and the content key returned from said various apparatuses based on said identification information by said
management apparatus. 



219. The data management method according to claim 217, wherein:

said recording step creates said license conditions information prescribing the rights to utilize said contents 
data based on said handling policies and storing said identification information unique to said data storage 
apparatus; and

said movement managing step updates said license conditions information by changing said identification 
information unique to said data storage apparatus in said license conditions information to said identification 
information unique to said management apparatus. 

220. The data management method according to claim 219, wherein:

said sending step sends to said data storage apparatus price information of said contents data in addition to 
said contents data encrypted by said content key, the content key and said handling policies from said recording 
apparatus; 

said recording step has accounting information for purchase of said contents data generated by said data
storage apparatus based on said handling policies and said price information and holds it in a predetermined
memory; and 

said capturing step captures said accounting information together with said contents data encrypted by said 
content key, the contents key, and said license conditions information. 


221. The data management method according to claim 220, wherein:

said capturing step captures, after being reproduced from said record medium of said data storage apparatus, 
said content key encrypted by a temporary key shared between said management apparatus and said data storage 
apparatus and said accounting information encrypted by the temporary key. 


222. The data management system according to claim 221, wherein:

said capturing step captures said accounting information to which signature data is added after being en- 
crypted by said temporary key from said data storage apparatus. 

223. A data management method wherein various apparatuses are connected with a predetermined removable data
storage apparatus, comprising: 

a capturing step of reproducing and capturing predetermined contents data recorded on a record medium of 
said data storage apparatus; and 
a movement managing step of managing movement of said contents data to various apparatuses in place of

said data storage apparatus. 

224. The data management method according to claim 223, wherein: 

said capturing step captures said contents data encrypted by a predetermined content key, the content key,

and license conditions information prescribing the rights to utilize said contents data generated based on 
handling policies prescribing the conditions for using the content key and storing identification information for 
identifying a holder of the contents data from said record medium of said data storage apparatus; and
said movement managing step updates said license conditions information by changing said identification 

information, and moves said contents data encrypted by said content key and the content key together with

said updated license conditions information to said various apparatuses. 

225. The data management method according to claim 223, wherein: 

said capturing step captures the license conditions information, said contents data encrypted by said contents 
key and the content key returned from said various apparatuses based on said license conditions information.

226. The data management method according to claim 224, wherein: 

said capturing step captures said license conditions information storing said identification information unique 
to said data storage apparatus; and

said movement managing step updates said license conditions information by changing said identification 
information unique to said data storage apparatus in said license conditions information to said identification 
information unique to said management apparatus. 
227. The data management method according to claim 226, wherein:

said capturing step captures accounting information for purchase of said contents data generated based on
said handling policies and price information of said contents data from said data storage apparatus. 

228. The data management method according to claim 227, comprising:

a decrypting step of decrypting by a temporary key predetermined data encrypted by the temporary key 
shared between said management apparatus and said data storage apparatus; and wherein: 

said capturing step captures said content key encrypted by said temporary key and said accounting information 
encrypted by the temporary key from said data storage apparatus; and

said decrypting step decrypts by said temporary key said content key and said accounting information en- 
crypted by said temporary key respectively. 

229. The data management method according to claim 228, comprising a detecting step of verifying signature data
added to predetermined data and detecting whether or not said data is tampered; and wherein:

said capturing step captures said accounting information to which signature data is added after being encrypted 
by said temporary key from said data storage apparatus; and 

said detecting step verifies said signature added to said accounting information encrypted by said temporary 
key.

230. A data management and movement method for a removable data storage apparatus having a predetermined 
record medium, comprising: 

a receiving step of receiving contents data encrypted by a predetermined content key, the content key, and

handling policies prescribing the conditions for using the content key sent from a predetermined recording 
apparatus to said data storage apparatus; 

an information creating step of creating license conditions information prescribing the rights to utilize said 
contents data based on said handling policies and storing identification information for identifying a holder of 
the contents data under control of said recording apparatus;

a recording step of recording on said record medium said license conditions information, said contents data 
encrypted by said content key, the contents key and said handling policies under control of said recording 
apparatus; 

a reproducing step of, when said data storage apparatus is connected to a management apparatus for managing
movement of said contents data to various apparatuses, reproducing said contents data encrypted by

said content key, the content key and said license conditions information from said record medium under 
control of the management apparatus; and 

a sending step of sending to said management apparatus said license conditions information for managing 
said contents data together with said contents data encrypted by said content key and the content key from 
said data storage apparatus so as to shift management of said contents data under control of said management 
apparatus. 

231. The data management and movement method according to claim 230, wherein:

said information creating step creates license conditions information for prescribing the rights to utilize said
contents data based on said handling policies and storing changeable identification information for identifying a

holder of the contents data. 

232. The data management and movement method according to claim 231, wherein: 

said information creating step creates said license conditions information storing said identification
information unique to said data storage apparatus.

233. The data management and movement method according to claim 232, wherein: 

said receiving step receives contents data encrypted by said content key, the content key and price information 
of said contents data sent together with said handling policies from said recording apparatus; and

said information creating step creates accounting information for purchase of said contents data based on 
said handling policies and said price information and records it in a predetermined memory. 
234. The data management and movement method according to claim 233, wherein:

said information creating step records said accounting information in said memory that is tamper resistant. 

235. The data management and movement method according to claim 234, comprising: 

an encrypting step of encrypting said content key by a temporary key shared with said management apparatus 
and also encrypting said accounting information by the temporary key; and wherein: 

said sending step sends to said management apparatus said content key encrypted by said temporary key 
and said accounting information encrypted by said temporary key together with said contents data encrypted by 
said content key and said license conditions information. 

236. The data management and movement method according to claim 235, comprising: 

an adding step of adding signature data for verifying whether or not tampering is performed to said accounting 
information encrypted by said temporary key; and wherein: 

said sending step sends to said management apparatus said accounting information encrypted by said tem- 
porary key with signature data added together with said contents data encrypted by said content key, said 
license conditions information and said content key encrypted by said temporary key. 

237. A program storage medium storing a predetermined program and supplying the program to a management
apparatus, characterized in that said program comprises:

a capturing step of reproducing and capturing predetermined contents data from a record medium of a pre- 
determined removable data storage apparatus connected to said management apparatus to which various 
apparatuses will be connected; and 

a movement managing step of managing movement of said contents data to various apparatuses in place of 
said data storage apparatus. 

238. The program storage medium according to claim 237, wherein: 

said capturing step captures said contents data encrypted by a predetermined content key, the content key, 
and license conditions information prescribing the rights to utilize said contents data generated based on 
handling policies prescribing the conditions for using the content key and storing identification information for 
identifying a holder of the contents data from said record medium of said data storage apparatus; and 
said movement managing step updates said license conditions information by changing said identification 
information, and moves said contents data encrypted by said content key and the content key together with 
said updated license conditions information to said various apparatuses. 

239. The program storage medium according to claim 237, wherein: 

said capturing step of said program captures the license conditions information, said contents data encrypted 
by said contents key and the content key returned from said various apparatuses based on said license conditions 
information. 

240. The program storage medium according to claim 238, wherein:

said capturing step of said program captures said license conditions information storing said identification 
information unique to said data storage apparatus; and 

said movement managing step updates said license conditions information by changing said identification 
information unique to said data storage apparatus in said license conditions information to said identification 
information unique to said management apparatus. 

241. The program storage medium according to claim 240, wherein:

said capturing step of said program captures accounting information for purchase of said contents data gen- 
erated based on said handling policies and price information of said contents data from said data storage apparatus. 

242. The program storage medium according to claim 241, wherein said program comprises a decrypting step of
decrypting predetermined data encrypted by a temporary key shared between said management apparatus and said
data storage apparatus by the temporary key; and 
said capturing step captures said content key encrypted by said temporary key and said accounting information
encrypted by the temporary key from said data storage apparatus; and 

said decrypting step decrypts by said temporary key said content key and said accounting information en- 
crypted by said temporary key respectively. 


243. The program storage medium according to claim 242, wherein said program comprises a detecting step of verifying 
signature data added to predetermined data and detecting whether or not said data is tampered; and 

said capturing step captures said accounting information to which signature data is added after being encrypted 
by said temporary key from said data storage apparatus; and

said detecting step verifies said signature added to said accounting information encrypted by said temporary 
key. 

244. A program storage medium storing a predetermined program and supplying the program to a data storage
apparatus, characterized in that said program comprises:

a receiving step of receiving contents data encrypted by a predetermined content key, the content key, and 
handling policies prescribing the conditions for using the content key sent from a predetermined recording 
apparatus to said removable data storage apparatus;
an information creating step of creating license conditions information prescribing the rights to utilize said

contents data based on said handling policies and storing identification information for identifying a holder of 
the contents data under control of said recording apparatus; 

a recording step of recording on a predetermined record medium said license conditions information, said 
contents data encrypted by said content key, the contents key and said handling policies under control of said 

recording apparatus;

a reproducing step of, when said data storage apparatus is connected to a management apparatus for man- 
aging movement of said contents data to various apparatuses, reproducing said contents data encrypted by 
said content key, the content key and said license conditions information from said record medium under 
control of the management apparatus; and 

a sending step of sending to said management apparatus said license conditions information for managing

said contents data together with said contents data encrypted by said content key and the content key from 
said data storage apparatus so as to shift management of said contents data under control of said management 
apparatus. 



245. The program storage medium according to claim 244, wherein:

said information creating step of said program creates license conditions information for prescribing the rights 
to utilize said contents data based on said handling policies and storing changeable identification information for 
identifying a holder of the contents data. 

246. The program storage medium according to claim 245, wherein:

said information creating step of said program creates said license conditions information storing said
identification information unique to said data storage apparatus.






247. The program storage medium according to claim 246, wherein:



said receiving step of said program receives contents data encrypted by said content key, the content key and 
price information of said contents data sent together with said handling policies from said recording apparatus; 
and 

said information creating step creates accounting information for purchase of said contents data based on 
said handling policies and said price information and records it in a predetermined memory.



248. The program storage medium according to claim 247, wherein: 

said information creating step of said program records said accounting information in said memory that is 
tamper resistant. 


249. The program storage medium according to claim 248, wherein said program comprises an encrypting step of 
encrypting said content key by a temporary key shared with said management apparatus and also encrypting said 
accounting information by the temporary key; and 
said sending step sends to said management apparatus said content key encrypted by said temporary key
and said accounting information encrypted by said temporary key together with said contents data encrypted by 
said content key and said license conditions information. 

250. The program storage medium according to claim 249, wherein said program comprises an adding step of adding
signature data for verifying whether or not tampering is performed to said accounting information encrypted by 
said temporary key; and 

said sending step sends to said management apparatus said accounting information encrypted by said tem- 
porary key with signature data added together with said contents data encrypted by said content key, said license 
conditions information and said content key encrypted by said temporary key.

251. An information provision system constructed of an information receiving apparatus and said regulating apparatus,
wherein said information receiving apparatus comprises: 

means on the receiving apparatus side for receiving predetermined contents data;

means for adding a signature to utilization permission data showing said received contents data; 

means on the receiving apparatus side for sending said utilization permission data to which said signature is 

added; and 

said information regulating apparatus comprises: 


means on the regulating apparatus side for receiving said utilization permission data to which said signa- 
ture is added; 

means for determining, that is, verifying said signature added to said utilization permission data to deter- 
mine whether or not the utilization permission data is illegal data; and 
means for notifying said information receiving apparatus, if determined as a result of verifying said
signature that said utilization permission data is illegal data, of nonpermission of utilization of said contents data
and prohibiting said information receiving apparatus from utilizing said contents data. 

252. The information provision system according to claim 251, wherein:
said means for determining of said information regulating apparatus verifies a signature on said utilization

permission data, and determines that said utilization permission data is illegal data if the utilization permission 
data is tampered to show contents data different from said contents data received by said information receiving 
apparatus. 

253. The information provision system according to claim 252, wherein:

said means for adding of said information receiving apparatus adds said signature to said utilization permission 
data prescribing the rights to utilize said contents data; and 

said means for determining of said information regulating apparatus verifies said signature on said utilization 
permission data, and determines that said utilization permission data is illegal data if said utilization rights

prescribed by the utilization permission data are tampered to prescribe other utilization rights. 

254. The information provision system according to claim 253, comprising an information sending apparatus for sending 
said contents data; and wherein:

said information receiving apparatus and said information regulating apparatus are connected online via said

information sending apparatus. 

255. An information regulating apparatus connected online with a predetermined information receiving apparatus, com- 
prising: 


means for receiving utilization permission data showing predetermined contents data and to which a signature 
is added sent from said information receiving apparatus; 

means for determining, that is, verifying the signature on said utilization permission data to determine whether 
or not the utilization permission data is illegal data; and 
means for notifying said information receiving apparatus, if determined that said utilization permission data is

illegal data as a result of verifying said signature, of nonpermission of utilization of said contents data and 
prohibiting said information receiving apparatus from utilizing said contents data. 
256. The information regulating apparatus according to claim 255, wherein:

said means for determining verifies a signature on said utilization permission data, and determines that said 
utilization permission data is illegal data if the utilization permission data is tampered to show contents data different 
from said contents data received by said information receiving apparatus. 


257. The information regulating apparatus according to claim 256, wherein: 

said means for receiving receives said utilization permission data prescribing the rights to utilize said contents 
data and to which said signature is added; and 
said means for determining verifies a signature on said utilization permission data, and determines that said

utilization permission data is illegal data if said utilization rights are tampered to prescribe other utilization rights.

258. The information regulating apparatus according to claim 255, wherein: 

said means for receiving receives accounting information generated during a purchasing process of said
contents data and to which said signature is added as said utilization permission data;

said means for determining verifies the signature on said accounting information to determine whether or not 
said accounting information is illegal data; and 

said means for notifying notifies said information receiving apparatus, if determined that said accounting
information is illegal data since it is tampered as a result of verifying said signature, of suspension of the
purchasing process as nonpermission of utilization of said contents data and prohibits said information receiving
apparatus from purchasing said contents data. 



259. The information regulating apparatus according to claim 258, comprising a means for decrypting predetermined
encrypted data; and wherein:

said means for receiving receives said accounting information to which said signature is added after being 
encrypted by a temporary key shared between said information regulating apparatus and said information 
receiving apparatus; 

said means for determining verifies the signature on said accounting information to determine whether or not

said accounting information is illegal data; and 

said means for decrypting decrypts said encrypted accounting information by said temporary key if it is deter- 
mined that said accounting information is justifiable data as a result of verifying said signature. 

260. An information receiving apparatus connected online to a predetermined information regulating apparatus,
comprising:

means for receiving predetermined contents data that is sent; 

means for adding to utilization permission data showing said contents data a signature capable of detecting 
whether or not said contents data shown by the utilization permission data is tampered to be other contents

data; and 

means for sending said utilization permission data to which said signature is added to said information regu- 
lating apparatus which decides whether or not to prohibit utilization of said contents data according to the 
result of verification of said signature. 

261. The information receiving apparatus according to claim 260, wherein:

said means for adding adds said signature in order to allow detection of whether or not said utilization per- 
mission data prescribing the rights to utilize said contents data is tampered to prescribe other utilization rights. 

262. The information receiving apparatus according to claim 260, comprising means for processing purchase, that is,
performing a purchasing process of said contents data and generating accounting information for purchase of said 
contents data; and wherein: 

said means for adding adds said signature to said accounting information generated during a purchasing 
process of said contents data as said utilization permission data. 


263. The information receiving apparatus according to claim 262, comprising means for receiving a notice of whether
or not utilization of said contents data is prohibited from said information regulating apparatus; and wherein: 

said means for processing purchase suspends said purchasing process if notified of nonpermission of
utilization of said contents data from said information receiving apparatus during a purchasing process of said contents
data. 

264. The information receiving apparatus according to claim 263, comprising means for encrypting said accounting 
information by a temporary key shared with said information regulating apparatus; and wherein: 

said means for adding adds said signature to said accounting information encrypted as above. 

265. The information receiving apparatus according to claim 260, comprising means for connecting online to said in- 
formation regulating apparatus via a predetermined information sending apparatus sending said contents data. 

266. An information provision method, comprising: 

a sending step of, by an information receiving apparatus, receiving predetermined contents data, adding a 
signature to utilization permission data showing the received contents data and sending it; 
a utilization prohibiting step of, by an information regulating apparatus, verifying a signature on said utilization 
permission data to determine whether or not the utilization permission data is illegal data, and prohibiting the 
information receiving apparatus from utilizing said contents data if it determines that the data is illegal data. 

267. The information provision method according to claim 266, wherein:

said utilization prohibiting step verifies a signature on said utilization permission data, and determines that 
said utilization permission data is illegal data if the utilization permission data is tampered to show contents data 
different from said contents data received by said information receiving apparatus. 

268. The information provision method according to claim 267, wherein: 

said sending step adds said signature to said utilization permission data prescribing the rights to utilize said 
contents data and sends it; and 

said utilization prohibiting step verifies a signature on said utilization permission data, and determines that 
said utilization permission data is illegal data if said utilization rights prescribed by said data is tampered to 
prescribe other utilization rights. 

269. The information provision method according to claim 268, wherein:

said sending step sends said utilization permission data to said information regulating apparatus to which 
said information receiving apparatus is connected online via an information sending apparatus sending said con- 
tents data. 

270. An information regulating method by an information regulating apparatus connected online with a predetermined
information receiving apparatus, comprising: 

a receiving step of receiving utilization permission data showing predetermined contents data and to which a 
signature is added sent from said information receiving apparatus; 

a determining step of verifying the signature on said utilization permission data to determine whether or not
the utilization permission data is illegal data; and 

a notifying step of notifying said information receiving apparatus, if it determines that said utilization permission
data is illegal data as a result of verifying said signature, of nonpermission of utilization of said contents data 
and prohibiting said information receiving apparatus from utilizing said contents data. 

271. The information regulating method according to claim 270, wherein: 

said means for determining verifies a signature on said utilization permission data, and determines that said 
utilization permission data is illegal data if the utilization permission data is tampered to show contents data different 
from said contents data received by said information receiving apparatus. 

272. The information regulating method according to claim 271, wherein: 

said receiving step receives said utilization permission data prescribing the rights to utilize said contents data 
and to which said signature is added; and 

said determining step verifies a signature on said utilization permission data, and determines that said utiliza- 
tion permission data is illegal data if said utilization rights are tampered to prescribe other utilization rights. 
273. The information regulating method according to claim 270, wherein:

said receiving step receives accounting information generated during a purchasing process of said contents 
data and to which said signature is added as said utilization permission data; 
said determining step verifies the signature on said accounting information to determine whether or not said

accounting information is illegal data; and 

said notifying step notifies said information receiving apparatus, if it determines that said accounting informa- 
tion is illegal data since it is tampered as a result of verifying said signature, of suspension of the purchasing 
process as nonpermission of utilization of said contents data and prohibits said information receiving apparatus 
from purchasing said contents data.

274. The information regulating method according to claim 273, comprising a decrypting step of decrypting predeter- 
mined encrypted data; and wherein: 

said receiving step receives accounting information to which said signature is added after being encrypted by

a temporary key shared between said information regulating apparatus and said information receiving appa- 
ratus; 

said determining step verifies the signature on said accounting information to determine whether or not said 
accounting information is illegal data; and 
said decrypting step decrypts said encrypted accounting information by said temporary key if it is determined

that said accounting information is justifiable data as a result of verifying said signature. 

275. A data utilization method for utilizing predetermined contents data by an information receiving apparatus connected 
online to a predetermined information regulating apparatus, comprising: 


a receiving step of receiving predetermined contents data that is sent; 

an adding step of adding to utilization permission data showing said contents data a signature capable of 
detecting whether or not said contents data shown by the utilization permission data is tampered to be other 
contents data; and 

a sending step of sending said utilization permission data to which said signature is added to said information

regulating apparatus which decides whether or not to prohibit utilization of said contents data according to the 
result of verification of said signature. 

276. A data utilization method according to claim 275, wherein:

said adding step adds said signature in order to allow detection of whether or not said utilization permission

data prescribing the rights to utilize said contents data is tampered to prescribe other utilization rights. 

277. The data utilization method according to claim 275, comprising a purchase processing step of performing a
purchasing process of said contents data and generating accounting information for purchase of said contents data;
and wherein:

said adding step adds said signature to said accounting information generated during a purchasing process 
of said contents data as said utilization permission data. 

278. The data utilization method according to claim 277, comprising a receiving step of receiving a notice of whether 
or not utilization of said contents data is prohibited from said information regulating apparatus; and wherein:

said purchase processing step suspends said purchasing process if notified of nonpermission of utilization 
of said contents data from said information receiving apparatus during a purchasing process of said contents data. 

279. The data utilization method according to claim 278, comprising an encrypting step of encrypting said accounting 
information by a temporary key shared with said information regulating apparatus; and wherein:

said means for adding adds said signature to said accounting information encrypted as above. 

280. The data utilization method according to claim 275, comprising a connecting step of being connected online to 
said information regulating apparatus via a predetermined information sending apparatus sending said contents 

data.

281. A program storage medium storing a predetermined program and supplying the program to an information
regulating apparatus, characterized in that said program comprises:
a receiving step of receiving utilization permission data showing predetermined contents data and to which a
signature is added sent from said information receiving apparatus connected online;

a determining step of verifying the signature on said utilization permission data to determine whether or not 
the utilization permission data is illegal data; and 
a notifying step of notifying said information receiving apparatus, if it determines that said utilization permission
data is illegal data as a result of verifying said signature, of nonpermission of utilization of said contents data
and prohibiting said information receiving apparatus from utilizing said contents data. 

282. The program storage medium according to claim 281, wherein:
said determining step of said program verifies a signature on said utilization permission data, and determines
that said utilization permission data is illegal data if the utilization permission data is tampered to show contents
data different from said contents data received by said information receiving apparatus.



283. The program storage medium according to claim 282, wherein:

said receiving step of said program receives said utilization permission data prescribing the rights to utilize
said contents data and to which said signature is added; and

said determining step verifies a signature on said utilization permission data, and determines that said utilization
permission data is illegal data if said utilization rights are tampered to prescribe other utilization rights.

284. The program storage medium according to claim 281, wherein: 

said receiving step of said program receives accounting information generated during a purchasing process
of said contents data and to which said signature is added as said utilization permission data;
said determining step verifies the signature on said accounting information to determine whether or not said
accounting information is illegal data; and

said notifying step notifies said information receiving apparatus, if it determines that said accounting information
is illegal data since it is tampered as a result of verifying said signature, of suspension of the purchasing
process as nonpermission of utilization of said contents data and prohibits said information receiving apparatus
from purchasing said contents data.

285. The program storage medium according to claim 284, wherein said program comprises a decrypting step of decrypting
predetermined encrypted data; and wherein:

said receiving step receives said accounting information to which said signature is added after being encrypted
by a temporary key shared between said information regulating apparatus and said information receiving apparatus;

said determining step verifies the signature on said accounting information to determine whether or not said
accounting information is illegal data; and
said decrypting step decrypts said encrypted accounting information by said temporary key if it is determined
that said accounting information is justifiable data as a result of verifying said signature.

286. A program storage medium for storing a predetermined program and supplying the program to an information 
receiving apparatus, characterized in that said program comprises: 

a receiving step of receiving predetermined contents data by an information receiving apparatus connected 
online to a predetermined information regulating apparatus; 

an adding step of adding to utilization permission data showing said contents data a signature capable of 
detecting whether or not said contents data shown by the utilization permission data is tampered to be other 
contents data; and

a sending step of sending said utilization permission data to which said signature is added to said information 
regulating apparatus which decides whether or not to prohibit utilization of said contents data according to the 
result of verification of said signature. 



287. The program storage medium according to claim 286, wherein:

said adding step of said program adds said signature in order to allow detection of whether or not said
utilization permission data prescribing the rights to utilize said contents data is tampered to prescribe other
utilization rights.

288. The program storage medium according to claim 286, wherein said program comprises a purchase processing
step of performing a purchasing process of said contents data and generating accounting information for purchase
of said contents data; and

said adding step adds said signature to said accounting information generated during a purchasing process
of said contents data as said utilization permission data.

289. The program storage medium according to claim 288, wherein said program comprises a receiving step of receiving 
a notice of whether or not utilization of said contents data is prohibited from said information regulating apparatus; 
and 

said purchase processing step suspends said purchasing process if notified of nonpermission of utilization
of said contents data from said information receiving apparatus during a purchasing process of said contents data.

290. The program storage medium according to claim 289, wherein said program comprises an encrypting step of 
encrypting said accounting information by a temporary key shared with said information regulating apparatus; and 

said adding step adds said signature to said accounting information encrypted as above.

291. The program storage medium according to claim 286, wherein said program comprises a connecting step of being
connected online to said information regulating apparatus via a predetermined information sending apparatus 
sending said contents data. 
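The exchange recited in claims 281 to 284 and 286 to 289, as an added illustration that is not code from the patent: the receiving apparatus signs utilization permission data naming the content and its rights, and the regulating apparatus verifies it and returns a nonpermission notice on failure. The patent names no signature algorithm, so HMAC-SHA256 under a pre-shared key is swapped in; the field names, wire format, function names and the regulator's record of the delivered content ID are all assumptions.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 stands in for the unspecified signature scheme.
TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to the payload


def canonical(upd: dict) -> bytes:
    """Serialize deterministically so signer and verifier see identical bytes."""
    return json.dumps(upd, sort_keys=True, separators=(",", ":")).encode("utf-8")


def add_signature(upd: dict, key: bytes) -> bytes:
    """Receiving apparatus, 'adding step': payload followed by its tag."""
    body = canonical(upd)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def determine(message: bytes, key: bytes, delivered_content_id: str) -> dict:
    """Regulating apparatus, 'determining' and 'notifying' steps.

    delivered_content_id is the regulator's own record of which content was
    sent to this receiver (hypothetical bookkeeping, not from the patent).
    """
    if len(message) <= TAG_LEN:
        return {"permitted": False, "reason": "malformed"}
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison; the payload is parsed only after it verifies.
    if not hmac.compare_digest(tag, expected):
        return {"permitted": False, "reason": "bad-signature"}
    upd = json.loads(body)
    # A valid signature over data naming other content is still refused.
    if upd.get("content_id") != delivered_content_id:
        return {"permitted": False, "reason": "content-mismatch"}
    return {"permitted": True, "reason": "ok"}


def purchase(upd: dict, key: bytes, regulator) -> str:
    """Receiving apparatus purchasing process: suspend on a nonpermission notice."""
    notice = regulator(add_signature(upd, key))
    return "completed" if notice["permitted"] else "suspended:" + notice["reason"]


def demo() -> dict:
    key = bytes(range(32))  # constructed demo key
    # Constructed utilization permission data (accounting information).
    upd = {"content_id": "C-0001", "rights": {"plays": 3, "copy": False}, "price": 300}
    signed = add_signature(upd, key)
    rights_tampered = signed.replace(b'"plays":3', b'"plays":9')
    content_tampered = signed.replace(b"C-0001", b"C-0002")
    other_content = add_signature(dict(upd, content_id="C-0002"), key)
    return {
        "genuine": determine(signed, key, "C-0001")["reason"],
        "rights_tampered": determine(rights_tampered, key, "C-0001")["reason"],
        "content_tampered": determine(content_tampered, key, "C-0002")["reason"],
        "other_content": determine(other_content, key, "C-0001")["reason"],
        "truncated": determine(signed[:10], key, "C-0001")["reason"],
    }


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:17s} -> {reason}")
```

Because a shared-key MAC lets either holder of the key produce a valid tag, this stand-in only detects tampering in transit; an asymmetric signature is needed if the regulator must not be able to forge the receiver's data.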

292. An information provision system supplying predetermined contents data sent from an information sending apparatus
to an information provision apparatus, wherein said information sending apparatus comprises:

means for encrypting said contents data by a predetermined content key;
means for sending said content key and said contents data encrypted by the content key; and

said information provision apparatus comprises: 

means for receiving said content key and said contents data encrypted by the content key sent from said 
information sending apparatus; 
means for decrypting by said content key said contents data encrypted by the content key;

means for inserting a digital watermark, that is, inserting by a digital watermark predetermined information 
into the contents data decrypted by said content key; and 

means for recording the contents data with said information inserted on a removable record medium. 

293. The information provision system according to claim 292, wherein said means for inserting a digital watermark of
said information provision apparatus inserts said information for limiting duplication into said contents data by said 
digital watermark. 

294. The information provision system according to claim 292, wherein said information sending apparatus comprises
means for generating handling policies prescribing conditions for using said contents key; and

said means for sending sends said handling policies together with said content key and said contents data
encrypted by the content key; and
said information provision apparatus comprises:
means for creating license conditions information prescribing conditions for using said contents data based
on said handling policies; and

means for storing, that is, sending said license conditions information together with said content key and said
contents data encrypted by the content key to a predetermined removable data storage apparatus and storing
them thereon.

295. The information provision system according to claim 294, wherein said means for storing of said information pro- 
vision apparatus sends said handling policies together with said content key and said contents data encrypted by 
the content key to said data storage apparatus and stores them thereon, and creates said license conditions 
information by said data storage apparatus based on said handling policies and stores them thereon. 

296. The information provision system according to claim 295, comprising a management apparatus for managing 
sending of said contents data from said information sending apparatus to said information provision apparatus; 
and wherein:

said means for storing of said information provision apparatus sends identification information for identifying
said data storage apparatus to said management apparatus; and 

said management apparatus manages said data storage apparatus storing said contents data based on said 
identification information. 

297. An information provision apparatus supplying predetermined contents data sent from an information sending ap- 
paratus, comprising: 

means for receiving said contents data encrypted by a predetermined content key and the content key sent 
from said information sending apparatus; 

means for decrypting by said content key the contents data encrypted by the content key; 

means for inserting a digital watermark, that is, inserting by a digital watermark predetermined information into
said contents data decrypted by said content key; and

means for recording said contents data with said information inserted on a removable record medium. 

298. The information provision apparatus according to claim 297, wherein said means for inserting a digital watermark 
inserts said information for limiting duplication into said contents data by said digital watermark. 

299. The information provision apparatus according to claim 297, comprising: 

means for creating license conditions information prescribing conditions for using said contents data based 
on the handling policies prescribing conditions for using said content key sent from said information sending 
apparatus together with said content key and said contents data encrypted by the content key; and 
means for storing, that is, sending said license conditions information together with said content key and said 
contents data encrypted by the content key to a predetermined removable data storage apparatus and storing 
them thereon. 

300. The information provision apparatus according to claim 299, wherein said means for storing sends to said data 
storage apparatus said content key and said contents data encrypted by the content key and said handling policies 
and stores them thereon, and creates said license conditions information by said data storage apparatus based 
on said handling policies and stores them thereon. 

301. An information provision apparatus providing predetermined contents data sent from an information sending ap-
paratus, comprising: 

means for creating license conditions information prescribing conditions for using said contents data based 
on the handling policies prescribing conditions for using said content key sent from said information sending 
apparatus together with said content key and said contents data encrypted by said content key; and 
means for storing, that is, sending said license conditions information together with said content key and said 
contents data encrypted by said content key to said predetermined removable data storage apparatus and 
storing them thereon. 

302. The information provision apparatus according to claim 301, wherein said means for storing sends to said data 
storage apparatus said content key, said contents data encrypted by the content key and said handling policies 
and stores them thereon, and creates said license conditions information by said data storage apparatus based 
on said handling policies and stores them thereon. 

303. A removable data storage apparatus for storing predetermined contents data sent from an information provision 
apparatus, comprising: 

a predetermined record medium; 

means for receiving said content key, said contents data encrypted by the content key and license conditions 
information prescribing the conditions for using said contents data created as required based on the handling 
policies prescribing conditions for using said content key sent from said information provision apparatus; and 
means for recording on said record medium said content key, said contents data encrypted by the content key 
and said license conditions information. 

304. The data storage apparatus according to claim 303, comprising means for creating said license conditions information
based on said handling policies sent from said information provision apparatus; wherein:

said means for recording records on said record medium said content key, said contents data encrypted by
the content key and said license conditions information created by said means for creating said license conditions 
information when said content key, said contents data encrypted by the content key and said handling policies are 
sent from said information provision apparatus. 

305. An information provision method for providing predetermined contents data sent from an information sending ap-
paratus to an information provision apparatus, comprising: 

a data sending step of sending a predetermined content key and said contents data encrypted by the content 
key by said information sending apparatus; and 

a receiving step of receiving said content key and said contents data encrypted by the content key by said 
information provision apparatus; 

a decrypting step of decrypting by said content key the contents data encrypted by said content key by said 
information provision apparatus; 

a digital watermark inserting step of inserting by a digital watermark predetermined information into said con- 
tents data decrypted by said content key by said information provision apparatus; and 
a data recording step of recording on a removable record medium said contents data with said information 
inserted by said information provision apparatus. 

306. The information provision method according to claim 305, wherein said digital watermark inserting step inserts 
said information for limiting duplication into said contents data by said digital watermark. 

307. The information provision method according to claim 305, comprising:

a handling policies generating step of generating handling policies prescribing conditions for using said con- 
tents key to be sent to said information provision apparatus by said information sending apparatus; 
a license conditions information creating step of creating license conditions information prescribing conditions 
for using said contents data based on said handling policies by said information provision apparatus; and 
a storing step of sending said license conditions information together with said content key and said contents 
data encrypted by the content key to a predetermined removable data storage apparatus and storing them 
thereon by said information provision apparatus. 

308. The information provision method according to claim 307, wherein said storing step sends said handling policies
together with said content key and said contents data encrypted by the content key to said data storage apparatus 
and stores them thereon, and creates said license conditions information by said data storage apparatus based 
on said handling policies and stores them thereon. 

309. The information provision method according to claim 308, comprising: 

an identification information sending step of sending identification information for identifying said data storage 
apparatus to a management apparatus managing sending of said contents data from said information sending 
apparatus to said information provision apparatus by said information provision apparatus; and 
a managing step of managing said data storage apparatus storing said contents data based on said identifi- 
cation information by said management apparatus. 

310. An information provision method for providing predetermined contents data by an information provision apparatus,
comprising: 

a receiving step of receiving said contents data encrypted by a predetermined content key and the content 
key sent from an information sending apparatus; 

a decrypting step of decrypting by said content key said contents data encrypted by the content key; 
a digital watermark inserting step of inserting by a digital watermark predetermined information into said con- 
tents data decrypted by said content key; and 

a data recording step of recording said contents data with said information inserted on a removable record 
medium. 

311. The information provision method according to claim 310, wherein said digital watermark inserting step inserts
said information for limiting duplication into said contents data by said digital watermark.

312. The information provision method according to claim 310, comprising: 

a license conditions information creating step of creating license conditions information prescribing conditions
for using said contents data based on handling policies prescribing conditions for using said content key sent
from said information sending apparatus together with said content key and said contents data encrypted by
the content key; and

a storing step of sending said license conditions information together with said content key and said contents
data encrypted by the content key to a predetermined removable data storage apparatus and storing them
thereon.

313. The information provision method according to claim 312, wherein said storing step sends to said data storage
apparatus said content key, said contents data encrypted by the content key and said handling policies and stores
them thereon, and creates said license conditions information by said data storage apparatus based on said handling
policies and stores them thereon.

314. An information provision method for providing predetermined contents data by an information provision apparatus,
comprising:

a license conditions information creating step of creating license conditions information prescribing conditions
for using said contents data based on handling policies prescribing conditions for using said content key sent
from said information sending apparatus together with said content key and said contents data encrypted by
the content key; and

a storing step of sending said license conditions information together with said content key and said contents
data encrypted by the content key to a predetermined removable data storage apparatus and storing them
thereon.

315. The information provision method according to claim 314, wherein said storing step sends to said data storage
apparatus said content key, said contents data encrypted by the content key and said handling policies and stores
them thereon, and creates said license conditions information by said data storage apparatus based on said handling
policies and stores them thereon.

316. A data store method for storing predetermined contents data sent from an information provision apparatus on a
removable data storage apparatus, comprising:

a receiving step of receiving said content key, said contents data encrypted by the content key and license
conditions information prescribing conditions for using said contents data created as required based on handling
policies prescribing conditions for using said content key sent from said information provision apparatus;
and

a recording step of recording said content key, said contents data encrypted by the content key and said license 
conditions information on a record medium. 

317. The data store method according to claim 316, comprising a license conditions information creating step of creating
said license conditions information based on said handling policies sent from said information provision apparatus;
wherein:

said recording step records on said record medium said content key, said contents data encrypted by the
content key and said license conditions information created by said means for creating said license conditions
information when only said content key, said contents data encrypted by the content key and said handling policies
are sent from said information provision apparatus.

318. A program storage medium for storing a predetermined program and supplying the program to an information 
provision apparatus, wherein said program comprises: 

a receiving step of receiving said contents data encrypted by a predetermined content key and the content
key sent from said information sending apparatus;

a decrypting step of decrypting by said content key said contents data encrypted by the content key;

a digital watermark inserting step of inserting by a digital watermark predetermined information into said contents
data decrypted by said content key; and

a data recording step of recording said contents data with said information inserted on a removable record 
medium. 

319. The program storage medium according to claim 318, wherein said digital watermark inserting step of said program
inserts said information for limiting duplication into said contents data by said digital watermark. 

320. The program storage medium according to claim 318, wherein said program comprises:

a license conditions information creating step of creating license conditions information prescribing conditions
for using said contents data based on said handling policies prescribing conditions for using said content key
sent from said information sending apparatus together with said content key and said contents data encrypted
by the content key; and

a storing step of sending said license conditions information together with said content key and said contents
data encrypted by the content key to a predetermined removable data storage apparatus and storing them
thereon.

321. The program storage medium according to claim 320, wherein said storing step of said program sends to said
data storage apparatus said content key, said contents data encrypted by the content key and said handling policies
and stores them thereon, and creates said license conditions information by said data storage apparatus based
on said handling policies and stores them thereon.

322. A program storage medium for storing a predetermined program and supplying the program to an information 
provision apparatus, wherein said program comprises: 

a license conditions information creating step of creating license conditions information prescribing conditions 
for using said contents data based on handling policies prescribing conditions for using said content key sent 
from said information sending apparatus together with said content key and said contents data encrypted by 
the content key; and 

a storing step of sending said license conditions information together with said content key and said contents
data encrypted by the content key to a predetermined removable data storage apparatus and storing them
thereon.

323. The program storage medium according to claim 322, wherein said storing step of said program sends to said
data storage apparatus said content key, said contents data encrypted by the content key and said handling policies
and stores them thereon, and creates said license conditions information by said data storage apparatus based
on said handling policies and stores them thereon.

324. A program storage medium for storing a predetermined program and supplying the program to a data storage
apparatus, wherein said program comprises:

a receiving step of receiving said content key, said contents data encrypted by the content key and license
conditions information prescribing conditions for using said contents data created as required based on handling
policies prescribing conditions for using said content key sent from said information provision apparatus
to said removable data storage apparatus; and

a recording step of recording said content key, said contents data encrypted by the content key and said license 
conditions information on a record medium. 

325. The program storage medium according to claim 324, wherein said program comprises: 

a license conditions information creating step of creating said license conditions information based on said 
handling policies sent from said information provision apparatus; wherein: 

said recording step records on said record medium said content key, said contents data encrypted by the
content key and said license conditions information created by said license conditions information creating
step when only said content key, said contents data encrypted by the content key and said handling policies
are sent from said information provision apparatus.

326. An information recording apparatus for storing predetermined contents data on a predetermined data storage
apparatus, comprising:

a contents server holding a plurality of said contents data; 

means for selecting, that is, managing each of said contents data held on said contents server by categoriza- 
tion, and if said category and the number of contents that are desired are specified, arbitrarily selecting a 
plurality of said contents data equivalent to said specified number of contents of said contents data belonging 
to said specified category; and 

means for storing, that is, reading each of said selected contents data from said contents server and storing 
it on said data storage apparatus. 

327. The information recording apparatus according to claim 326, comprising means for generating a random number
based on said specified number of contents; and wherein said means for selecting selects each of said contents 
data by using said random number. 

328. The information recording apparatus according to claim 327, comprising means for creating license conditions
information prescribing the rights to utilize each of said contents data selected by said means for selecting; and 
wherein: 

said means for storing stores said license conditions information together with each of said contents data on 
said data storage apparatus. 

329. The information recording apparatus according to claim 328, wherein said means for creating license conditions
information creates said license conditions information prescribing said utilization rights so as to limit the number 
of times of reproduction of each of said contents data. 

330. The information recording apparatus according to claim 328, wherein said means for creating license conditions
information creates said license conditions information prescribing said utilization rights so as to limit the period 
of reproduction of each of said contents data. 

331. The information recording apparatus according to claim 328, wherein said means for creating license conditions
information creates said license conditions information so as to store predetermined identification information; and

said means for storing detects said contents data to be deleted based on said identification information stored 
in said license conditions information and stores said contents data that is new so as to overwrite said detected 
contents data. 

332. A data storage apparatus for storing predetermined contents data by an information recording apparatus, comprising:

a predetermined record medium; 

means for receiving a plurality of said contents data belonging to said desired category and equivalent to said 
desired number of contents, of a plurality of said categorized contents data sent from said information recording 
apparatus; 

means for recording each of said contents data collectively on said record medium. 

333. The data storage apparatus according to claim 332, wherein said means for recording records on said record
medium each of said contents data and said license conditions information prescribing the rights to utilize each of
said contents data by sending said license conditions information together with each of said contents data from
said information recording apparatus.

334. The data storage apparatus according to claim 333, wherein said means for recording records on said record
medium said license conditions information prescribing said utilization rights so as to limit the number of times of
reproduction of said contents data together with said contents data.

335. The data storage apparatus according to claim 333, wherein said means for recording records on said record
medium said license conditions information prescribing said utilization rights so as to limit the period of reproduction
of said contents data together with said contents data.

336. A data store method for storing predetermined contents data on a data storage apparatus by an information recording
apparatus, comprising:

a selecting step of managing a plurality of said contents data held on a contents server in advance by categorization,
and if said category and the number of contents that are desired are specified, arbitrarily selecting
a plurality of said contents data equivalent to said specified number of contents, of said contents data belonging
to said specified category; and
a storing step of reading each of said selected contents data from said contents server and storing it on said
data storage apparatus.

337. The data store method according to claim 336, comprising a random number generating step of generating a
random number based on said specified number of contents; and wherein:
said selecting step selects each of said contents data by using said random number.

338. The data store method according to claim 337, comprising a license conditions information creating step of creating
license conditions information prescribing the rights to utilize each of said contents data selected by said step of
selecting; and

said storing step stores said license conditions information together with each of said contents data on said
data storage apparatus.

339. The data store method according to claim 338, wherein said license conditions information creating step creates
said license conditions information prescribing said utilization rights so as to limit the number of times of reproduction
of each of said contents data.

340. The data store method according to claim 338, wherein said license conditions information creating step creates
said license conditions information prescribing said utilization rights so as to limit the period of reproduction of 
each of said contents data. 

341. The data store method according to claim 338, wherein said license conditions information creating step creates
said license conditions information so as to store predetermined identification information; and

said storing step detects said contents data to be deleted based on said identification information stored in
said license conditions information and stores said contents data that is new so as to overwrite said detected
contents data.

342. A data store method for storing predetermined contents data on a data storage apparatus by an information re- 
cording apparatus, comprising: 

a contents receiving step of receiving a plurality of said contents data belonging to said desired category and
equivalent to said desired number of contents, of a plurality of said categorized contents data sent from said
information recording apparatus to said data storage apparatus; and 

a recording step of recording each of said contents data collectively on a record medium in said data storage 
apparatus. 

343. The data store method according to claim 342, wherein said recording step records on said record medium each
of said contents data and said license conditions information prescribing the rights to utilize each of said contents 
data by sending said license conditions information together with each of said contents data from said information 
recording apparatus. 

344. The data store method according to claim 343, wherein said recording step records on said record medium said 
license conditions information prescribing said utilization rights so as to limit the number of times of reproduction 
of each of said contents data together with each of said contents data. 

345. The data store method according to claim 343, wherein said recording step records on said record medium said 
license conditions information prescribing said utilization rights so as to limit the period of reproduction of each of 
said contents data together with each of said contents data. 

346. A program storage medium for storing a predetermined program and supplying the program to an information 
recording apparatus, wherein said program comprises: 

a selecting step of managing a plurality of said contents data held on a contents server in advance by categorization, 
and if said category and the number of contents that are desired are specified, arbitrarily selecting 
a plurality of said contents data equivalent to said specified number of contents, of a plurality of said contents 

[...] 

data storage apparatus. 

347. The program storage medium according to claim 346, wherein said program comprises a random number generating 
step of generating a random number based on said specified number of contents; and 

said selecting step selects each of said contents data by using said random number. 

348. The program storage medium according to claim 347, wherein said program comprises a license conditions information 
creating step of creating license conditions information prescribing the rights to utilize each of said contents 

[...] 

data storage apparatus. 

349. The program storage medium according to claim 348, wherein said license conditions information creating step 
of said program creates said license conditions information prescribing said utilization rights so as to limit the 
number of times of reproduction of each of said contents data. 

350. The program storage medium according to claim 348, wherein said license conditions information creating step 
of said program creates said license conditions information prescribing said utilization rights so as to limit the period 
of reproduction of each of said contents data. 

351. The program storage medium according to claim 348, wherein said license conditions information creating step 
of said program creates said license conditions information so as to store predetermined identification information; 
and 

said storing step detects said contents data to be deleted based on said identification information stored in 
said license conditions information and stores said contents data that is new so as to overwrite said detected 
contents data. 

352. A program storage medium for storing a predetermined program and supplying the program to a data storage 
apparatus, wherein said program comprises: 

a contents receiving step of receiving a plurality of said contents data belonging to said desired category and 
equivalent to said desired number of contents, of a plurality of said categorized contents data sent from an information 
recording apparatus; and 

a recording step of recording each of said contents data collectively on a record medium. 

353. The program storage medium according to claim 352, wherein said recording step of said program records on 
said record medium each of said contents data and said license conditions information prescribing the rights to 
utilize each of said contents data by sending said license conditions information together with each of said contents 
data from said information recording apparatus. 

354. The program storage medium according to claim 353, wherein said recording step of said program records on 
said record medium said license conditions information prescribing said utilization rights so as to limit the number 
of times of reproduction of each of said contents data together with each of said contents data. 

355. The program storage medium according to claim 353, wherein said recording step of said program records on 
said record medium said license conditions information prescribing said utilization rights so as to limit the period 
of reproduction of each of said contents data together with each of said contents data. 

356. An information provision system constructed of an information sending apparatus, an information receiving apparatus 
and a list sending apparatus, wherein: 

said information sending apparatus comprises: 

means for sending predetermined contents data; and 
said list sending apparatus comprises: 
means for creating a provision prohibition list showing said contents data designated as provision-prohibited; 
and 

means for sending said prohibition list; and 
said information receiving apparatus comprises: 

means for receiving said contents data and said provision prohibition list; 

means for determining whether or not said contents data sent from said information sending apparatus 
is provision-prohibited based on said provision prohibition list; and 

means for stopping capture of the contents data in the case where said contents data is provision- 
prohibited according to results of determination acquired from said means for determining. 

357. The information provision system according to claim 356, wherein said list sending apparatus comprises a means 
for registering said information sending apparatus designated as utilization-prohibited on said provision prohibition 
list; 

said means for determining of said information receiving apparatus determines whether or not said contents 
data sent from said information sending apparatus is provision-prohibited as above and also determines wheth- 
er or not said information sending apparatus is utilization-prohibited as above based on said provision prohi- 
bition list; and 

said means for stopping capture stops capture of said contents data in the case where said contents data is 
provision-prohibited as above and in the case where said information sending apparatus is utilization-prohib- 
ited as above according to results of determination acquired from said means for determining respectively. 

358. The information provision system according to claim 357, wherein: 
said information receiving apparatus comprises: 

one or more online apparatuses connected online to said list sending apparatus and receiving said provision 
prohibition list; and 

one or more offline apparatuses not connected online to said list sending apparatus; and 
said online apparatus comprises: 

means for an online apparatus for sending a list, that is, sending said provision prohibition list to said 
offline apparatus on connecting the offline apparatus; 

means for an online apparatus for receiving, that is, directly receiving said contents data sent from said 
information sending apparatus, or receiving said contents data sent from said information sending apparatus 
via other online apparatus and offline apparatus; and 

means for an online apparatus for stopping capture of said contents data as required based on said pro- 
vision prohibition list; and 
said offline apparatus comprises: 

means for an offline apparatus for sending a list, that is, sending said provision prohibition list to said 
offline apparatus as required on connecting the offline apparatus; 

means for an offline apparatus for receiving, that is, receiving said provision prohibition list sent from 
said online apparatus, and also directly receiving said contents data sent from said information send- 
ing apparatus, or receiving said contents data sent from said information sending apparatus via other 
online apparatus and offline apparatus; and 
means for an offline apparatus for stopping capture of said contents data as required based on said 
provision prohibition list. 

359. The information provision system according to claim 358, wherein: 

said online apparatus comprises means for an online apparatus for, if said means for an online apparatus for 
receiving receives said contents data sent from said offline apparatus, determining whether or not said contents 
data is provision-prohibited as above and also determining whether or not said information sending apparatus 
that is the source of the contents data is utilization-prohibited as above based on said provision prohibition list; 

said means for an online apparatus for stopping capture stops capture of said contents data in the case where 
said contents data is provision-prohibited as above and in the case where said information sending apparatus 
is utilization-prohibited as above according to results of determination acquired from said means for an online 
apparatus for determining; and 

means for an online apparatus for sending a list sends said provision prohibition list to said offline apparatus 
in the case where said contents data is provision-prohibited as above and in the case where said information 
sending apparatus is utilization-prohibited as above. 

360. The information provision system according to claim 359, wherein: 

said offline apparatus comprises means for an offline apparatus for, if means for an offline apparatus for receiving 
receives said contents data sent from another offline apparatus, determines whether or not said contents 
data is provision-prohibited as above and also determining whether or not said information sending apparatus 
that is the source of the contents data is utilization-prohibited as above based on said provision prohibition 
list; 

means for an offline apparatus for stopping capture stops capture of said contents data in the case where said 
contents data is provision-prohibited as above and in the case where said information sending apparatus is 
utilization-prohibited as above according to results of determination acquired from said means for an offline 
apparatus for determining; and 

said means for an offline apparatus for sending a list sends said provision prohibition list to another offline 
apparatus as above in the case where said contents data is provision-prohibited as above and in the case 
where said information sending apparatus is utilization-prohibited as above. 

361. A list sending apparatus for sending a predetermined list to an information receiving apparatus receiving predetermined 
contents data sent from an information sending apparatus, comprising: 

means for creating a provision prohibition list showing said contents data designated as provision-prohibited; 
means for sending said provision prohibition list to said information receiving apparatus. 

362. The list sending apparatus according to claim 361, wherein said means for creating a list registers said information 
sending apparatus designated as utilization-prohibited on said provision prohibition list. 

363. The list sending apparatus according to claim 362, wherein: 

said means for creating a list updates said provision prohibition list every time said contents data is designated 
as provision-prohibited as above or every time said information sending apparatus is designated as utilization-prohibited 
as above; and 

said means for sending sends said provision prohibition list to said information receiving apparatus every time 
it is updated. 

364. An information receiving apparatus for receiving predetermined contents data sent from an information sending 
apparatus and a predetermined list sent from a list sending apparatus, comprising: 

means for receiving a provision prohibition list showing said contents data designated as provision-prohibited 
sent from said list sending apparatus; 

means for holding said provision prohibition list; 

means for determining whether or not said contents data sent from said information sending apparatus is 
provision-prohibited based on said provision prohibition list; and 

means for stopping capture of said contents data in the case where the contents data is provision-prohibited 
as above according to results of determination acquired from said means for determining. 

365. The information receiving apparatus according to claim 364, wherein: 

said means for holding a list holds said provision prohibition list showing said information sending apparatus 
designated as utilization-prohibited together with said contents data designated as provision-prohibited as 
above sent from said list sending apparatus; 

said means for determining determines whether or not said contents data sent from said information sending 
apparatus is provision-prohibited as above and also determines whether or not said information sending apparatus 
is utilization-prohibited as above based on said provision prohibition list; 

said means for stopping capture stops capture of said contents data in the case where said contents data is 
provision-prohibited as above and in the case where said information sending apparatus is utilization-prohibited 
as above respectively. 

366. The information receiving apparatus according to claim 365, comprising: 

one or more online apparatuses connected online to said list sending apparatus and receiving said provision 
prohibition list; and 
one or more offline apparatuses not connected online to said list sending apparatus; and wherein 
said online apparatus comprises: 

means for an online apparatus for sending a list, that is, sending said provision prohibition list to said 
offline apparatus on connecting the offline apparatus; 

means for an online apparatus for receiving, that is, directly receiving said contents data sent from said 
information sending apparatus, or receiving said contents data sent from said information sending appa- 
ratus via other online apparatus and offline apparatus; and 

means for an online apparatus for stopping capture of said contents data as required based on said pro- 
vision prohibition list; and 
said offline apparatus comprises: 

means for an offline apparatus for sending a list, that is, sending said provision prohibition list to said 
offline apparatus as required on connecting the offline apparatus; 

means for an offline apparatus for receiving, that is, receiving said provision prohibition list sent from 
said online apparatus, and also directly receiving said contents data sent from said information send- 
ing apparatus, or receiving said contents data sent from said information sending apparatus via other 
online apparatus and offline apparatus; and 

means for an offline apparatus for stopping capture of said contents data as required based on said 
provision prohibition list. 

367. The information receiving apparatus according to claim 366, wherein: 

said online apparatus comprises means for an online apparatus for, if said means for an online apparatus for 
receiving receives said contents data sent from said offline apparatus, determining whether or not said contents 
data is provision-prohibited as above and also determining whether or not said information sending apparatus 
that is the source of the contents data is utilization-prohibited as above based on said provision prohibition list; 
said means for an online apparatus for stopping capture stops capture of said contents data in the case where 
said contents data is provision-prohibited as above and in the case where said information sending apparatus 
is utilization-prohibited as above according to results of determination acquired from said means for an online 
apparatus for determining; and 

said means for an online apparatus for sending a list sends said provision prohibition list to said offline appa- 
ratus in the case where said contents data is provision-prohibited as above and in the case where said infor- 
mation sending apparatus is utilization-prohibited as above. 

368. The information receiving apparatus according to claim 367, wherein: 

said offline apparatus comprises means for an offline apparatus for, if means for an offline apparatus for re- 
ceiving receives said contents data sent from another offline apparatus, determining whether or not said con- 
tents data is provision-prohibited as above and also determining whether or not said information sending ap- 
paratus that is the source of the contents data is utilization-prohibited as above based on said provision pro- 
hibition list; 

means for an offline apparatus for stopping capture stops capture of said contents data in the case where said 
contents data is provision-prohibited as above and in the case where said information sending apparatus is 
utilization-prohibited as above according to results of determination acquired from said means for an offline 
apparatus for determining; and 

said means for an offline apparatus for sending a list sends said provision prohibition list to another offline 
apparatus as above in the case where said contents data is provision-prohibited as above and in the case 
where said information sending apparatus is utilization-prohibited as above. 

369. An information provision method, comprising: 

a sending step of creating a provision prohibition list showing said contents data designated as provision- 
prohibited and sending the created provision prohibition list by a list sending apparatus, and also sending 
predetermined contents data by an information sending apparatus; 

a receiving step of receiving said provision prohibition list and also receiving said contents data by an infor- 
mation receiving apparatus; 

a determining step of determining whether or not said contents data sent from said information sending ap- 
paratus is provision-prohibited as above based on said provision prohibition list by said information receiving 
apparatus; and 

a capture stopping step of stopping capture of said contents data in the case where said contents data is 
provision-prohibited as above according to results of determination acquired by said determining step. 

370. The information provision method according to claim 369, wherein: 

said sending step registers said information sending apparatus designated as utilization-prohibited as above 
on said provision prohibition list and sends it by said list sending apparatus; 

said determining step determines by said information receiving apparatus whether or not said contents data 
is provision-prohibited as above and also determines whether or not said information sending apparatus is 
utilization-prohibited as above based on said provision prohibition list; and 

said capture stopping step stops capture of said contents data in the case where it is determined by said 
information receiving apparatus that said contents data is provision-prohibited as above and in the case where 
it is determined by said information receiving apparatus that said information sending apparatus is utilization- 
prohibited as above respectively. 

371. The information provision method according to claim 370, comprising: 

an inter-apparatus list sending step of, on connecting said online apparatus to said offline apparatus, sending 
said provision prohibition list to the offline apparatus between one or more online apparatuses connected 
online to said list sending apparatus and receiving said provision prohibition list and one or more offline ap- 
paratuses not connected online to said list sending apparatus constituting said information receiving apparatus; 
and 

an apparatus capture stopping step of said online apparatus and offline apparatus directly receiving said con- 
tents data sent from said information sending apparatus or receiving said contents data sent from said infor- 
mation sending apparatus via other online apparatus and offline apparatus and stopping capture of the con- 
tents data as required based on said provision prohibition list. 

372. The information provision method according to claim 371, comprising: 

a first determination step of, if said contents data is sent from said offline apparatus, said online apparatus 
determining whether or not said contents data is provision-prohibited as above and also determining whether 
or not said information sending apparatus that is the source of the contents data is utilization-prohibited as 
above based on said provision prohibition list; and 

a first inter-apparatus list sending step of stopping capture of said contents data and also sending said provision 
prohibition list to said offline apparatus in the case where said contents data is provision-prohibited as above 
and in the case where said information sending apparatus is utilization-prohibited as above respectively. 

373. The information provision method according to claim 372, comprising: 

a second determination step of, if said contents data is sent from another offline apparatus, said offline appa- 
ratus determining whether or not said contents data is provision-prohibited as above and also determines 
whether or not said information sending apparatus that is the source of the contents data is utilization-prohibited 
as above based on said provision prohibition list; and 

a second inter-apparatus list sending step of stopping capture of said contents data and also sending said 
provision prohibition list to another offline apparatus as above in the case where said contents data is provision- 
prohibited as above and in the case where said information sending apparatus is utilization-prohibited as above 
respectively. 

374. A list sending method for sending a predetermined list to an information receiving apparatus receiving predeter- 
mined contents data sent from an information sending apparatus, comprising: 
a list creating step of creating a provision prohibition list showing said contents data designated as provision- 
prohibited; and 

a sending step of sending said provision prohibition list to said information receiving apparatus. 

375. The list sending method according to claim 374, wherein said list creating step registers said information sending 
apparatus designated as utilization-prohibited on said provision prohibition list. 

376. The list sending method according to claim 375, wherein: 

said list creating step updates said provision prohibition list every time said contents data is designated as 
provision-prohibited as above or every time said information sending apparatus is designated as utilization- 
prohibited as above; and 

said sending step sends said provision prohibition list to said information receiving apparatus every time it is 
updated. 

377. An information receiving method for receiving predetermined contents data sent from an information sending ap- 
paratus and a predetermined list sent from a list sending apparatus, comprising: 

a receiving step of receiving a provision prohibition list showing said contents data designated as provision- 
prohibited sent from said list sending apparatus; 

a determining step of determining whether or not said contents data sent from said information sending ap- 
paratus is provision-prohibited based on said provision prohibition list; and 

a capture stopping step of stopping capture of said contents data in the case where the contents data is 
provision-prohibited as above according to results of determination acquired from said determining step. 

378. The information receiving method according to claim 377, wherein: 

said receiving step receives said provision prohibition list showing said information sending apparatus desig- 
nated as utilization-prohibited together with said contents data designated as provision-prohibited as above 
sent from said list sending apparatus; 

said determining step determines whether or not said contents data sent from said information sending appa- 
ratus is provision-prohibited as above and also determines whether or not said information sending apparatus 
is utilization-prohibited as above based on said provision prohibition list; 

said capture stopping step stops capture of said contents data in the case where said contents data is provision- 
prohibited as above and in the case where said information sending apparatus is utilization-prohibited as above 
respectively. 

379. An information receiving method by an online apparatus connected online to said list sending apparatus, comprising: 

an online apparatus receiving step of receiving said provision prohibition list sent from said list sending appa- 
ratus and also directly receiving said contents data sent from said information sending apparatus, or receiving 
said contents data sent from said information sending apparatus via another online apparatus as above or an 
offline apparatus not connected online to said list sending apparatus; and 

an online apparatus sending step of sending said provision prohibition list to said offline apparatus on con- 
necting the offline apparatus. 

380. The information receiving method according to claim 379, comprising: 

an online apparatus determining step of determining whether or not said contents data is provision-prohibited 
as above and also determining whether or not said information sending apparatus is utilization-prohibited as 
above based on said provision prohibition list; 

an online apparatus capture stopping step of stopping capture of said contents data in the case where said 
contents data is provision-prohibited as above and in the case where said information sending apparatus is 
utilization-prohibited as above respectively. 

381. The information receiving method according to claim 380, wherein: 

said online apparatus sending step sends said provision prohibition list to said offline apparatus when receiving 
said contents data sent from said offline apparatus in the case where said contents data is provision- 
prohibited as above and in the case where said information sending apparatus is utilization-prohibited as above. 

382. An information receiving method by an offline apparatus not connected online to a list sending apparatus, comprising: 

an offline apparatus receiving step of, on connecting an online apparatus connected online to said list sending 
apparatus, receiving said provision prohibition list sent from the online apparatus, and also directly receiving 
said contents data sent from said information sending apparatus, or receiving said contents data sent from 
said information sending apparatus via another online apparatus or offline apparatus as above; and 
an offline apparatus sending step of, on connecting another offline apparatus as above, sending said provision 
prohibition list as required to the offline apparatus. 

383. The information receiving method according to claim 382, comprising: 

an offline apparatus determining step of determining whether said contents data is provision-prohibited as 
above and also determining whether or not said information sending apparatus is utilization-prohibited as 
above based on said provision prohibition list; 
an offline apparatus capture stopping step of stopping capture of said contents data in the case where said 
contents data is provision-prohibited as above and in the case where said information sending apparatus is 
utilization-prohibited as above respectively. 

384. The information receiving method according to claim 383, wherein: 

said offline apparatus sending step sends said provision prohibition list to another offline apparatus as above 
when receiving said contents data sent from another offline apparatus as above in the case where said contents 
data is provision-prohibited as above and in the case where said information sending apparatus is utilization-prohibited 
as above. 

385. A program storage medium storing a predetermined program and supplying the program to a list sending appa- 
ratus, characterized in that said program comprises: 

a list creating step of creating a provision prohibition list showing predetermined contents data designated as 
provision-prohibited; and 

a sending step of sending said provision prohibition list to an information receiving apparatus receiving said 
contents data. 

386. The program storage medium according to claim 385, wherein: 

said list creating step of said program registers said information sending apparatus designated as utilization-prohibited 
on said provision prohibition list, of information sending apparatuses sending said contents data to said 
information receiving apparatus. 

387. The program storage medium according to claim 386, wherein: 

said list creating step of said program updates said provision prohibition list every time said contents data is 
designated as provision-prohibited as above or every time said information sending apparatus is designated 
as utilization-prohibited as above; and 

said sending step sends said provision prohibition list to said information receiving apparatus every time it is 
updated. 

388. A program storage medium storing a predetermined program and supplying the program to an information receiving 
apparatus characterized in that said program comprises: 

a receiving step of receiving a provision prohibition list showing predetermined contents data designated as 
provision-prohibited sent from a list sending apparatus; 

a determining step of determining whether or not said contents data sent from an information sending appa- 
ratus is provision-prohibited as above based on said provision prohibition list; and 

a capture stopping step of stopping capture of said contents data in the case where the contents data is 
provision-prohibited as above according to results of determination acquired from said determining step. 
389. The program storage medium according to claim 388, wherein: 

said receiving step of said program receives said provision prohibition list showing said information sending 
apparatus designated as utilization-prohibited together with said contents data designated as provision-pro- 
hibited as above sent from said list sending apparatus; 

said determining step determines whether or not said contents data sent from said information sending appa- 
ratus is provision-prohibited as above and also determines whether or not said information sending apparatus 
is utilization-prohibited as above based on said provision prohibition list; 

said capture stopping step stops capture of said contents data in the case where said contents data is provision- 
prohibited as above and in the case where said information sending apparatus is utilization-prohibited as above 
respectively. 

390. A program storage medium storing a predetermined program and supplying the program to an online apparatus, 
characterized in that said program comprises: 

an online apparatus receiving step of receiving said provision prohibition list sent from said list sending appa- 
ratus and also directly receiving said contents data sent from said information sending apparatus, or receiving 
said contents data sent from said information sending apparatus via another online apparatus connected online 
to the list sending apparatus or an offline apparatus not connected online to said list sending apparatus; and 
an online apparatus sending step of sending said provision prohibition list to said offline apparatus on con- 
necting the offline apparatus. 

391. The program storage medium according to claim 390, wherein said program comprises: 

an online apparatus determining step of determining whether or not said contents data is provision-prohibited 
as above and also determining whether or not said information sending apparatus is utilization-prohibited as 
above based on said provision prohibition list; 

an online apparatus capture stopping step of stopping capture of said contents data in the case where said 
contents data is provision-prohibited as above and in the case where said information sending apparatus is
utilization-prohibited as above respectively. 

392. The program storage medium according to claim 391, wherein:

said online apparatus sending step of said program sends said provision prohibition list to said offline appa- 
ratus when receiving said contents data sent from said offline apparatus in the case where said contents data is 
provision-prohibited as above and in the case where said information sending apparatus is utilization-prohibited 
as above. 

393. A program storage medium storing a predetermined program and supplying the program to an offline apparatus,
characterized in that said program comprises: 

an offline apparatus receiving step of, on connecting an online apparatus connected online to a list sending 
apparatus receiving said provision prohibition list sent from the online apparatus, and also directly receiving 
said contents data sent from said information sending apparatus, or receiving said contents data sent from 
said information sending apparatus via another online apparatus as above or an offline apparatus not
connected online to said list sending apparatus; and

an offline apparatus sending step of sending said provision prohibition list as required to another offline ap- 
paratus as above on connecting the offline apparatus. 

394. The program storage medium according to claim 393, wherein said program comprises: 

an offline apparatus determining step of determining whether or not said contents data is provision-prohibited 
as above and also determining whether or not said information sending apparatus is utilization-prohibited as 
above based on said provision prohibition list; 

an offline apparatus capture stopping step of stopping capture of said contents data in the case where said 
contents data is provision-prohibited as above and in the case where said information sending apparatus is
utilization-prohibited as above respectively. 

395. The program storage medium according to claim 394, wherein: 
said offline sending step of said program sends said provision prohibition list to another offline apparatus as
above when receiving said contents data sent from another offline apparatus as above in the case where said
contents data is provision-prohibited as above and in the case where said information sending apparatus is
utilization-prohibited as above.
(Flowchart, continued; steps S788 to S796)

S788: ... ELECTRONIC WATERMARK INSERTION SECTION, AND SHARES A TEMPORARY KEY
S789: THE ENCRYPTION PROCESSING SECTION ENCRYPTS THE CONTENT KEY WITH THE TEMPORARY KEY
S790: THE ENCRYPTION PROCESSING SECTION TRANSMITS THE CONTENT KEY TO THE ELECTRONIC WATERMARK INSERTION SECTION
S791: THE ELECTRONIC WATERMARK INSERTION SECTION DECRYPTS THE CONTENT KEY WITH THE TEMPORARY KEY
S792: AN UPPER CONTROLLER TRANSMITS CONTENTS TO THE ELECTRONIC WATERMARK INSERTION SECTION
S793: THE ELECTRONIC WATERMARK INSERTION UNIT INSERTS AN ELECTRONIC WATERMARK IN THE CONTENTS IN AN ELECTRONIC WATERMARK ADDITION MODULE INSERTION SECTION WHILE DECRYPTING THE CONTENTS WITH THE CONTENT KEY
S794: THE ELECTRONIC WATERMARK INSERTION SECTION RECORDS MUSIC IN THE MD
S795: THE CONTROL SECTION RETURNS CHANGE
S796: THE CLIENT RECEIVES THE CHANGE AND THE MD
RETURN
(Flowchart; steps S800 to S816)

START KIOSK TERMINAL PURCHASE PROCESSING
S800: A CLIENT INSERTS A RECORDING MEDIUM IN A KIOSK TERMINAL
S801 (decision): IS THE RECORDING MEDIUM AN ELECTRONIC DISTRIBUTION ONLY RECORDING MEDIUM? (branch: TO PREVIOUS SECTION)
S802: THE CLIENT SELECTS A TUNE THAT THE CLIENT PURCHASES AND A RIGHT
S803 (decision): PRICE SHALL BE SETTLED ON A LATER DATE?
S804 (decision): IS PRICE ENOUGH?
S805: ADDITIONAL INSERTION OF MONEY
S806 (decision): PURCHASE PROCESSING IS PERFORMED IN THE KIOSK TERMINAL?
S807: A CONTROL SECTION INSTRUCTS AN ENCRYPTION PROCESSING SECTION TO PERFORM PURCHASE PROCESSING
S808: THE ENCRYPTION PROCESSING SECTION GENERATES LICENSE CONDITIONS INFORMATION AND CHARGE INFORMATION FROM A HANDLING POLICY AND PRICE INFORMATION, AND SAVES THE CHARGE INFORMATION IN A STORAGE MODULE
S809: THE ENCRYPTION PROCESSING SECTION DECRYPTS A CONTENT KEY
S810: THE ENCRYPTION PROCESSING SECTION MUTUALLY AUTHENTICATES WITH A RECORDING MEDIUM, AND SHARES A TEMPORARY KEY
S811: THE ENCRYPTION PROCESSING SECTION ENCRYPTS THE CONTENT KEY AND THE LICENSE CONDITIONS INFORMATION WITH THE TEMPORARY KEY
S812: THE ENCRYPTION PROCESSING SECTION TRANSMITS CONTENTS, THE CONTENT KEY, THE HANDLING POLICY, THE PRICE INFORMATION AND THE LICENSE CONDITIONS INFORMATION TO THE RECORDING MEDIUM
S813: THE RECORDING MEDIUM DECRYPTS THE CONTENT KEY AND THE LICENSE CONDITIONS INFORMATION WITH THE TEMPORARY KEY, AND RE-ENCRYPTS THE CONTENT KEY WITH A SAVE KEY
S814: THE RECORDING MEDIUM SAVES THE CONTENTS, THE CONTENT KEY, THE HANDLING POLICY, THE PRICE INFORMATION AND THE LICENSE CONDITIONS INFORMATION
S815: THE CONTROL SECTION RETURNS CHANGE
S816: THE CLIENT RECEIVES THE CHANGE AND THE RECORDING MEDIUM
RETURN

FIG. 103






EP 1 128 598 A1 



(Flowchart; steps S820 to S829)

S820: A CONTROL SECTION OF THE KIOSK TERMINAL INSTRUCTS AN ENCRYPTION PROCESSING SECTION TO PERFORM PURCHASE PROCESSING
S821: THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL GENERATES LICENSE CONDITIONS INFORMATION AND CHARGE INFORMATION FROM A HANDLING POLICY AND PRICE INFORMATION
S822: THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL DECRYPTS A CONTENT KEY
S823: THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL MUTUALLY AUTHENTICATES WITH AN ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM AND SHARES A TEMPORARY KEY
S824: THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL ENCRYPTS THE CONTENT KEY, THE LICENSE CONDITIONS INFORMATION AND THE CHARGE INFORMATION WITH THE TEMPORARY KEY
S825: THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL TRANSMITS CONTENTS, THE CONTENT KEY, THE HANDLING POLICY, THE PRICE INFORMATION AND THE LICENSE CONDITIONS INFORMATION TO THE RECORDING MEDIUM
S826: A CONTROL SECTION OF THE RECORDING MEDIUM SAVES THE CONTENTS, THE HANDLING POLICY AND THE PRICE INFORMATION IN AN EXTERNAL MEMORY
S827: THE ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM DECRYPTS THE CONTENT KEY, THE LICENSE CONDITIONS INFORMATION AND THE CHARGE INFORMATION WITH THE TEMPORARY KEY, AND RE-ENCRYPTS THE CONTENT KEY WITH THE SAVE KEY
S828: THE ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM SAVES THE CHARGE INFORMATION IN THE STORAGE MODULE
S829: THE CONTROL SECTION OF THE RECORDING MEDIUM SAVES THE CONTENT KEY AND THE LICENSE CONDITIONS INFORMATION IN THE EXTERNAL MEMORY
RETURN

FIG. 104
(Flowchart; steps S840 to S851)

S840: A CONTROL SECTION OF THE KIOSK TERMINAL TRANSMITS CONTENTS, A CONTENT KEY, A HANDLING POLICY, PRICE INFORMATION TO A RECORDING MEDIUM
S841: A CONTROL SECTION OF THE RECORDING MEDIUM SAVES THE CONTENTS, AND IF NECESSARY, THE HANDLING POLICY AND THE PRICE INFORMATION IN AN EXTERNAL MEDIUM
S842: AN ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM GENERATES LICENSE CONDITIONS INFORMATION AND CHARGE INFORMATION FROM THE HANDLING POLICY AND THE PRICE INFORMATION
S843: THE ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM DECRYPTS THE CONTENT KEY, AND RE-ENCRYPTS IT WITH A SAVE KEY
S844: THE ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM MUTUALLY AUTHENTICATES WITH THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL, AND SHARES THE TEMPORARY KEY
S845: THE ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM ENCRYPTS THE CHARGE INFORMATION WITH THE TEMPORARY KEY, AND TRANSMITS IT TO THE CONTROL SECTION OF THE KIOSK TERMINAL
S846: THE CONTROL SECTION OF THE KIOSK TERMINAL INPUTS THE CHARGE INFORMATION IN THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL
S847: THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL DECRYPTS THE CHARGE INFORMATION AND SAVES IT IN A STORAGE MODULE
S848: THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL NOTIFIES THE CONTROL SECTION OF THE KIOSK TERMINAL AND THE RECORDING MEDIUM OF COMPLETION OF THE CHARGE PROCESSING
S849: THE CONTROL SECTION OF THE RECORDING MEDIUM SAVES THE CONTENT KEY AND THE LICENSE CONDITIONS INFORMATION IN THE EXTERNAL MEMORY
S850: THE CONTROL SECTION OF THE KIOSK TERMINAL RETURNS CHANGE
S851: THE CUSTOMER RECEIVES THE CHANGE AND THE RECORDING MEDIUM
RETURN

FIG. 105






(Flowchart)

THE KIOSK TERMINAL TRANSMITS CONTENTS, A CONTENT KEY, A HANDLING POLICY AND PRICE INFORMATION TO THE RECORDING MEDIUM
RETURN

FIG. 106
(Flowchart; step labels S872 to S879 are legible)

A CONTROL SECTION OF THE KIOSK TERMINAL INSTRUCTS AN ENCRYPTION PROCESSING SECTION TO PERFORM PURCHASE PROCESSING
THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL DECRYPTS A CONTENT KEY
S872: THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL MUTUALLY AUTHENTICATES WITH AN ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM AND SHARES A TEMPORARY KEY
S873: THE ENCRYPTION PROCESSING SECTION OF THE KIOSK TERMINAL ENCRYPTS THE CONTENT KEY WITH THE TEMPORARY KEY
S874: THE CONTROL SECTION OF THE KIOSK TERMINAL TRANSMITS CONTENTS, THE CONTENT KEY, A HANDLING POLICY AND PRICE INFORMATION TO THE RECORDING MEDIUM
S875: THE ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM DECRYPTS THE CONTENT KEY WITH THE TEMPORARY KEY, AND RE-ENCRYPTS IT WITH A SAVE KEY
S876: THE ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM GENERATES LICENSE CONDITIONS INFORMATION AND CHARGE INFORMATION FROM THE HANDLING POLICY AND THE PRICE INFORMATION
S877: THE ENCRYPTION PROCESSING SECTION OF THE RECORDING MEDIUM SAVES THE CHARGE INFORMATION IN THE STORAGE MODULE
S878: A CONTROL SECTION OF THE RECORDING MEDIUM SAVES THE CONTENTS, THE HANDLING POLICY AND THE PRICE INFORMATION IN AN EXTERNAL MEMORY
S879: THE CONTROL SECTION OF THE RECORDING MEDIUM SAVES THE CONTENT KEY AND THE LICENSE CONDITIONS INFORMATION IN THE EXTERNAL MEMORY
RETURN
(List layout, fields in order)

UPDATE DATE
SERIAL NUMBER
ID 1 OF CONTENTS | ID 2 OF CONTENTS | ...
ID 1 OF A CONTENT PROVIDER | ID 2 OF A CONTENT PROVIDER | ...
ID 1 OF A SERVICE PROVIDER | ID 2 OF A SERVICE PROVIDER | ...
SIGNATURE

FIG. 108
(Flowchart; legible step labels run from S894 to S903; boxes are listed in the order the scan preserves them)

START REDISTRIBUTION/REPURCHASE PROCESSING
VERIFY A SIGNATURE OF A PURCHASE PROHIBITION LIST (decision; branch label: OK)
HOME SERVER? (decision; branch labels: YES, NO)
OBTAIN THE PURCHASE PROHIBITION LIST FROM THE ELECTRONIC DISTRIBUTION SERVICE CENTER
OBTAIN THE PURCHASE PROHIBITION LIST FROM THE HOME SERVER
IS A CONTENT ID LISTED IN THE PURCHASE PROHIBITION LIST? (decision)
VERIFY A SIGNATURE OF PURCHASE PROHIBITION ... (decision; branch label: OK)
IS AN ID OF A CONTENT PROVIDER LISTED IN THE PURCHASE PROHIBITION LIST? (decision)
IS AN ID OF A SERVICE PROVIDER LISTED IN THE PURCHASE PROHIBITION LIST? (decision)
VERIFY A SIGNATURE OF A REDISTRIBUTION/REPURCHASE LIST (decision; branch label: OK)
A HOME SERVER AND AN OFFLINE APPARATUS MUTUALLY AUTHENTICATE
REGISTER THE CONTENT ID, THE CONTENT PROVIDER ID AND THE SERVICE PROVIDER ID IN THE REDISTRIBUTION/REPURCHASE LIST
REGENERATE A SIGNATURE OF THE REDISTRIBUTION/REPURCHASE LIST
SAVE THE REDISTRIBUTION/REPURCHASE LIST
REDISTRIBUTE AND REPURCHASE CONTENTS
RETURN
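The check that claims 389 to 395 and the list layout of FIG. 108 describe (verify the list signature, look up the content ID, content provider ID and service provider ID, stop capture on a match, and pass the list on to a connected apparatus), as an added Python example that is not part of the patent. HMAC-SHA256 stands in for the signature scheme, which this section does not specify; the key, the field names, the serial-number rollback check and the fail-closed default are assumptions.

```python
import hashlib
import hmac
import json

# Assumptions: HMAC-SHA256 with a constructed key stands in for the list
# signature (the section names no scheme); field names follow FIG. 108.
DEMO_KEY = b"constructed-demo-key"

def _mac(body, key):
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def sign_list(body, key=DEMO_KEY):
    return {**body, "signature": _mac(body, key)}

def verify_list(plist, key=DEMO_KEY):
    body = {k: v for k, v in plist.items() if k != "signature"}
    sig = plist.get("signature")
    return isinstance(sig, str) and hmac.compare_digest(sig.encode(), _mac(body, key).encode())

class Apparatus:  # online or offline apparatus holding the newest verified list
    def __init__(self):
        self.plist = None

    def accept_list(self, candidate):
        # Reject forged lists and (assumption) rollback to an older serial number.
        if not verify_list(candidate):
            return False
        if self.plist and candidate["serial_number"] <= self.plist["serial_number"]:
            return False
        self.plist = candidate
        return True

    def may_capture(self, content_id, provider_id, service_id):
        # Assumption: fail closed, so no verified list means no capture.
        if self.plist is None:
            return False
        return (content_id not in self.plist["content_ids"]
                and provider_id not in self.plist["content_provider_ids"]
                and service_id not in self.plist["service_provider_ids"])

    def connect(self, peer):
        # Pass the held list on to a connected (offline) apparatus.
        if self.plist is not None:
            peer.accept_list(self.plist)

def demo():
    # Constructed sample list; the IDs are made up for illustration.
    v2 = sign_list({"update_date": "2000-01-02", "serial_number": 2, "content_ids": ["C-0007"],
                    "content_provider_ids": ["CP-03"], "service_provider_ids": []})
    online, offline = Apparatus(), Apparatus()
    online.accept_list(v2)
    online.connect(offline)
    return offline, v2
```

`demo()` returns the offline apparatus after it has received the list from the online one, so `may_capture` can be called on it with any ID triple.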
DESCRIPTION OF SYMBOLS

1, 401 ... Electronic distribution service center
2, 404 ... Contents provider
3, 407 ... Service provider
4 ... Network
5, 408 ... User home network
10, 400 ... Electronic music distribution system
34 ... Contents encryption section
36 ... Contents key encryption section
37, 206 ... Handling policies generation section
38, 45, 207 ... Signature generation section
40, 202 ... Memory
44 ... Pricing section
51 ... Home server
61, 260, 300, 350 ... Communication section
62, 351 ... Upper controller
65, 122, 262, 301, 352 ... Encryption processing section
68 ... Mass storage section
91, 212, 261, 360 ... Control section
92, 311 ... Storage module
94 ... Purchase processing module
96 ... Encryption/decryption module
111, 320 ... Decryption unit
115 ... Signature verification unit
123, 303 ... External memory
130, 302 ... External memory control section
203, 204 ... Data encryption section
221 ... Sending and receiving section
222 ... Signature verification section
223 ... Data decryption section
226 ... Comparator
250 ... Recording and reproducing apparatus
251, 334 ... Electronic distribution-specific record medium
263 ... Expansion section
321 ... Encryption unit
330 ... Information provision apparatus
331 ... Hosting server
332 ... KIOSK terminal
333 ... Record medium
353 ... Digital watermark insertion section
402, 405 ... Personal computer for a server
403, 406 ... Personal computer for signal processing
This international search report has not been established in respect of certain claims under Article 17(2)(a) for the following reasons:

1. □ Claims Nos.:
because they relate to subject matter not required to be searched by this Authority, namely:

2. because they relate to parts of the international application that do not comply with the prescribed requirements to such an
extent that no meaningful international search can be carried out, specifically:

3. because they are dependent claims and are not drafted in accordance with the second and third sentences of Rule 6.4(a).

Box II Observations where unity of invention is lacking (Continuation of item 1 of first sheet)

This International Searching Authority found multiple inventions in this international application, as follows:
The inventions of the international application are divided into ten groups.

1. The inventions of claims 1 to 104
2. The inventions of claims 105 to 117
3. The inventions of claims 118 to 194
4. The inventions of claims ... 317, 322 to 325
5. The inventions of claims 251 to 291
6. The inventions of claims 292 to 300, 305 to 313, 318 to 321
7. The inventions of claims 326 to 355
8. The inventions of claims 356 to 378, 385 to 389
9. The inventions of claims 379 to 384, 390 to 395
10. The inventions of ...

1. ☒ As all required additional search fees were timely paid by the applicant, this international search report covers all searchable
claims.

2. □ As all searchable claims could be searched without effort justifying an additional fee, this Authority did not invite payment
of any additional fee.

3. □ As only some of the required additional search fees were timely paid by the applicant, this international search report covers
only those claims for which fees were paid, specifically claims Nos.:

4. □ No required additional search fees were timely paid by the applicant. Consequently, this international
search report is restricted to the invention first mentioned in the claims; it is covered by claims Nos.:

Remark on Protest

□ The additional search fees were accompanied by the applicant's protest.
☒ No protest accompanied the payment of additional search fees.